429 matches found
Design/Logic Flaw
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...
Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability
Summary The Netty library is vulnerable affecting the IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering fixed the below CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
GHSA-P979-4MFW-53VG HTTP Request Smuggling in Netty
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...
Security Bulletin: Rational Integration Tester component in Rational Test Workbench affected by Netty vulnerability (CVE-2014-3488)
Summary The Netty library is vulnerable affecting the Rational Integration Tester component in IBM Rational Test Workbench. Vulnerability Details CVE ID: CVE-2014-3488 Description: Netty is vulnerable to a denial of service, caused by an error in SslHandler. A remote attacker could exploit this...
UBUNTU-CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
DEBIAN-CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
UBUNTU-CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
Denial Of Service (DoS)
netty is vulnerable to denial of service attacks. The vulnerability exists because it allows a malicious user to send infinite number of header frames when number of header frames exceeds the MAXHEADERLISTSIZE...