428 matches found
GHSA-8HXH-R6F7-JF45 Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability
Summary IBM Security Guardium Insights has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remot...
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability
Summary IBM Security Guardium Insights has addressed the following vulnerability Vulnerability Details CVEID: CVE-2020-4173 DESCRIPTION: IBM Guardium Activity Insights does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by...
Security Bulletin: A vulnerability in Netty affects IBM Netcool Agile Service Manager
Summary A vulnerability in Netty used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a...
Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612)
Summary IBM Cloud Private is vulnerable to a Netty vulnerability Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded...
Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-7238)
Summary IBM Cloud Private is vulnerable to a Netty vulnerability Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
ai.databand.azkaban:azkaban-web-server (=3.18.0), at.salzburgresearch.nodekeeper:nodekeeper-java (>=1.0 <=1.2) +2130 more potentially affected by CVE-2015-2156 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.9.Final)
org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.0, =0.3.1, =1.0, =1.16.0, =1.16.0, =1.0, =0.2.0, =0.1.5, =0.1.5, =0.5.0 and more Source cves: CVE-2015-2156 Source advisory: OSV:GHSA-XFV3-RRFM-F2RV...
at.iem:sysson_2.11 (>=1.14.1 <=1.15.0), at.iem:sysson_2.12 (>=1.14.1 <=1.15.0) +1032 more potentially affected by CVE-2015-2156 via io.netty:netty (>=3.10.0.Final <=3.10.2.Final)
io.netty:netty MAVEN version =3.10.0.Final, =1.14.1, =1.14.1, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.2.2, =3.2.2, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.5.3, =2.5.0-beta.0, =2.5.0-beta.0, =3.4.0, =3.5.7-jre7.0 and more Source cves: CVE-2015-2156 Source advisory:...
com.github.taymindis:channeling-camel (>=2.3.1 <=2.3.2), com.github.taymindis:channeling-camel-springboot (>=2.3.1 <=2.3.2) +47 more potentially affected by CVE-2020-11973 via org.apache.camel:camel-netty (>=3.0.0 <=3.22.4)
org.apache.camel:camel-netty MAVEN version =3.0.0, =2.3.1, =2.3.1, =0.46, =0.3, =0.5, =1.3.0, =1.3.0, =1.3.0, =0.1.0, =0.1.0, =0.10.1, =0.10.1, =3.21.0 and more Source cves: CVE-2020-11973 Source advisory: OSV:GHSA-H79P-32MX-FJJ9...
Low: Red Hat Security Advisory: AMQ Online security update
An update of the Red Hat OpenShift Container Platform 3.11 and 4.1 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
DEBIAN-CVE-2020-11612
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2019-20444 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2019-20444 Source advisory: OSV:GHSA-CQQJ-4P63-RRMM...
com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2019-20444 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)
org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2019-20444 Source advisory: OSV:GHSA-CQQJ-4P63-RRMM...
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2019-20445 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2019-20445 Source advisory: OSV:GHSA-P2V9-G2QV-P635...
com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2019-20445 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)
org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2019-20445 Source advisory: OSV:GHSA-P2V9-G2QV-P635...
Design/Logic Flaw
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...