Lucene search
+L

429 matches found

Prion
Prion
added 2020/02/19 7:15 p.m.21 views

Design/Logic Flaw

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...

4.3CVSS6.4AI score0.0126EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.33 views

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

Summary The Netty library is vulnerable affecting the IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering fixed the below CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a...

7.5CVSS0.5AI score0.08415EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2019/11/18 2:40 p.m.4 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

7.5CVSS7.1AI score0.08415EPSS
Exploits1References4
OSV
OSV
added 2019/10/11 6:41 p.m.4 views

GHSA-P979-4MFW-53VG HTTP Request Smuggling in Netty

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...

7.5CVSS6.8AI score0.08415EPSS
Exploits1References82
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:59 a.m.23 views

Security Bulletin: Rational Integration Tester component in Rational Test Workbench affected by Netty vulnerability (CVE-2014-3488)

Summary The Netty library is vulnerable affecting the Rational Integration Tester component in IBM Rational Test Workbench. Vulnerability Details CVE ID: CVE-2014-3488 Description: Netty is vulnerable to a denial of service, caused by an error in SslHandler. A remote attacker could exploit this...

5CVSS0.8AI score0.04222EPSS
Exploits1Affected Software2
OSV
OSV
added 2017/10/18 3:29 p.m.8 views

UBUNTU-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.2AI score0.05434EPSS
Exploits0References6
OSV
OSV
added 2017/10/18 3:29 p.m.5 views

DEBIAN-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.9AI score0.05434EPSS
Exploits0References1
OSV
OSV
added 2017/04/13 2:59 p.m.5 views

UBUNTU-CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

7.5CVSS7.2AI score0.11259EPSS
Exploits0References2
Veracode
Veracode
added 2017/01/16 3:58 a.m.7 views

Denial Of Service (DoS)

netty is vulnerable to denial of service attacks. The vulnerability exists because it allows a malicious user to send infinite number of header frames when number of header frames exceeds the MAXHEADERLISTSIZE...

6.3AI score
Exploits0
Rows per page
Query Builder