Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.10 views

CVE-2019-17513

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur...

7.5CVSS6.7AI score0.02153EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/29 8:58 a.m.21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ratpack

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ratpack. Vulnerability Details CVEID: CVE-2019-11808 DESCRIPTION: Ratpack could allow a remote attacker to obtain sensitive information, caused by the use of a weak PRNG to generate session ID in JDK's...

7.5CVSS1.1AI score0.02153EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/03/03 3:32 p.m.26 views

GHSA-6V7P-V754-J89V HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

6.5CVSS6.8AI score0.01162EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2020/03/03 3:32 p.m.106 views

HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

6.5CVSS0.1AI score0.01162EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2019/10/21 4:8 p.m.6 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-17513 via io.ratpack:ratpack-core (>=0.9.0 <=1.7.4)

io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-17513 Source advisory: OSV:GHSA-MVQP-Q37C-WF9J...

7.5CVSS6.4AI score0.02153EPSS
Exploits0
CVE
CVE
added 2019/10/18 2:36 a.m.236 views

CVE-2019-17513

CVE-2019-17513 affects Ratpack before 1.7.5. The root cause is misuse of Netty’s DefaultHttpHeaders with validation disabled, allowing untrusted input used in HTTP headers to cause HTTP Response Splitting (CRLF injection). Upgrading Ratpack to 1.7.5 (or later) patches the issue by restoring heade...

7.5CVSS7.3AI score0.02153EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2019/10/17 9:26 a.m.5 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-17513 via io.ratpack:ratpack-core (>=0.9.10 <=1.7.4)

io.ratpack:ratpack-core MAVEN version =0.9.10, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-17513 Source advisory: SNYK:JAVA-IORATPACK-473841...

7.5CVSS6.4AI score0.02153EPSS
Exploits0
Rows per page
Query Builder