CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

Input validation

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

UBUNTU-CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

CVE-2016-4970

Netty CVE-2016-4970 affects OpenSslEngine in Netty 4.0.x prior to 4.0.37.Final and 4.1.x prior to 4.1.1.Final. The issue arises from improper handling of renegotiation, enabling remote attackers to cause a denial of service via an infinite loop. Remediation is to upgrade to Netty 4.0.37.Final or ...

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

IBM Development Package for Apache Spark Denial of Service Vulnerability

IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the Apache Development Package for Apache Spark is vulnerable to ...

Insecure Defaults

Netty Handler is insecure by default. Netty doesn't set the HTTP endpointIdentificationAlgorithm by default which means that the hostname verification is not enabled unless specifically turned on by the application...

Denial Of Service (DoS)

netty-socketio is vulnerable to denial of service DoS attacks. It is possible for an attacker to open many silent channels which don't timeout, causing denial of service...

netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl

An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled default setting...

Denial Of Service (DoS)

netty is vulnerable to denial of service attacks. The vulnerability exists because it allows a malicious user to send infinite number of header frames when number of header frames exceeds the MAXHEADERLISTSIZE...

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service DoS attacks. These attacks are possible because it does not respect the limit on max http header size. This is caused because control characters are indefinitely skipped and the parsing never ends...

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...

Fedora Update for netty FEDORA-2015-8684

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netty and Play Framework Session Hijacking Vulnerability

Netty is a java open source framework provided by JBOSS . A session hijacking vulnerability exists in Netty and Play Framework, which can be exploited by an attacker to gain unauthorized access to an affected application...

Fedora Update for netty FEDORA-2015-8713

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : netty-4.0.28-1.fc21 (2015-8713)

Security fix for CVE-2015-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

[SECURITY] Fedora 21 Update: netty-4.0.28-1.fc21

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...

Fedora 22 : netty-4.0.28-1.fc22 (2015-8684)

Security fix for CVE-2015-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...