HTTP Request Smuggling in Netty

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. Because the decoder does not reject this ambiguous framing, a front end that picks a different body delimiter than Netty does (the other Content-Length value, or Transfer-Encoding: chunked instead of Content-Length) will disagree with Netty about where one request ends and the next begins, which is the condition for HTTP request smuggling (CWE-444). Note that the affected-package data below records 4.1.45 as the first patched release of io.netty:netty-handler, so use 4.1.45 as the floor when checking dependencies rather than the 4.1.44 named in the description.
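The disagreement the description relies on, as an added example that is not Netty's code: a small Python framer that parses the same pipelined byte stream under four policies ("cl_first", "cl_last", "te", and a "strict" policy that rejects both ambiguous header combinations) and shows how a lenient decoder and a stricter front end end up with different request boundaries. The policy names, the two sample streams and every helper function are this example's own assumptions; they model the RFC 7230 section 3.3.3 rules for message framing rather than Netty's actual decoder.

```python
# Added example (not Netty's code): a minimal HTTP/1.1 request framer showing
# how the header combinations named in the advisory (a duplicate Content-Length,
# or Content-Length beside Transfer-Encoding) let two parsers split one byte
# stream into different requests. Trailers are skipped, chunk extensions ignored.
CRLF = b"\r\n"

class FramingError(ValueError):
    """Message framing is ambiguous, malformed or truncated."""

def parse_head(stream, pos):
    """Return (request_line, [(lowercased name, value)], body offset)."""
    end = stream.find(CRLF + CRLF, pos)
    if end < 0:
        raise FramingError("incomplete header block")
    lines = stream[pos:end].split(CRLF)
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise FramingError("header line without ':'")
        headers.append((name.strip().lower().decode(), value.strip().decode()))
    return lines[0].decode(), headers, end + 4

def framing(headers, policy):
    """Decide the body delimiter under a policy: ("chunked", 0) or ("length", n)."""
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    chunked = any(v.lower().split(",")[-1].strip() == "chunked" for v in tes)
    if policy == "strict":  # both ambiguities from the advisory are hard errors
        if cls and tes:
            raise FramingError("Content-Length together with Transfer-Encoding")
        if len(cls) > 1:
            raise FramingError("multiple Content-Length headers")
    if chunked and policy in ("te", "strict"):
        return "chunked", 0
    if not cls:
        return "length", 0
    # Lenient parsers silently pick one of the conflicting values.
    return "length", int(cls[-1] if policy == "cl_last" else cls[0])

def read_chunked(stream, pos):
    """Decode a chunked body at pos; return (body, offset after the trailer)."""
    body = b""
    while True:
        line_end = stream.find(CRLF, pos)
        if line_end < 0:
            raise FramingError("truncated chunk-size line")
        size = int(stream[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            while True:  # skip trailer lines up to and including the empty line
                line_end = stream.find(CRLF, pos)
                if line_end < 0:
                    raise FramingError("truncated trailer section")
                pos, last = line_end + 2, line_end == pos
                if last:
                    return body, pos
        if pos + size + 2 > len(stream):
            raise FramingError("truncated chunk data")
        body, pos = body + stream[pos:pos + size], pos + size + 2

def split_requests(stream, policy):
    """Frame every request in a pipelined byte stream under the given policy."""
    out, pos = [], 0
    while pos < len(stream):
        request_line, headers, pos = parse_head(stream, pos)
        kind, n = framing(headers, policy)
        if kind == "chunked":
            body, pos = read_chunked(stream, pos)
        elif pos + n > len(stream):
            raise FramingError("body shorter than Content-Length")
        else:
            body, pos = stream[pos:pos + n], pos + n
        out.append((request_line, body))
    return out

def request_lines(stream, policy):
    """Request lines a parser with this policy sees, or one REJECTED entry."""
    try:
        return [line for line, _ in split_requests(stream, policy)]
    except FramingError as exc:
        return ["REJECTED: " + str(exc)]

# Constructed CL.TE stream: Content-Length covers the zero chunk and the bytes
# after it; a chunked parser stops at the zero chunk and sees a second request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
CL_TE_STREAM = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: %d\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n" % len(BODY)) + BODY
# Constructed duplicate Content-Length: "first wins" (5 bytes) and "last wins"
# parsers disagree on whether the trailing GET is body or a second request.
DUP_CL_STREAM = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 5\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY

if __name__ == "__main__":
    for name, stream in (("CL.TE", CL_TE_STREAM), ("dup CL", DUP_CL_STREAM)):
        for policy in ("cl_first", "cl_last", "te", "strict"):
            print(f"{name:6} {policy:8} -> {request_lines(stream, policy)}")
```

Running the block prints, for each constructed stream, which request lines each policy recovers: the Content-Length policies see a single POST carrying the GET as body bytes, the chunked policy sees the POST followed by a separate GET /admin, and the strict policy refuses both streams outright. A pair of a lenient front end and a lenient back end that land on different rows is exactly the smuggling condition; the strict row is the behaviour a patched decoder should show.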

Basic information

Type: reviewed
Severity: medium
Published (advisory): 2020-02-21 18:55:04 UTC
Updated: 2023-08-16 05:02:11 UTC
GitHub reviewed: 2020-02-20 20:54:25 UTC
NVD published: 2020-01-29

EPSS Score

Score: 2.84% (percentile: 85.95%)

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Credits

  • westonsteimel (analyst)

Affected packages (3)

Vulnerable version ranges and first patched releases as published by GitHub. No vulnerable functions are listed for any of the three packages.

Ecosystem | Package                 | Vulnerable range    | First patched
maven     | io.netty:netty-handler  | >= 4.0.0, < 4.1.45  | 4.1.45
maven     | org.jboss.netty:netty   | < 4.0.0             | (none listed)
maven     | io.netty:netty          | < 4.0.0             | (none listed)

The two pre-4.0.0 coordinates have no first patched release on the page, so a dependency on either of them stays flagged regardless of version; only io.netty:netty-handler has a release (4.1.45) that clears the range.
