Описание
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:4.1.7-4ubuntu0.1 |
| devel | not-affected | 1:4.1.45-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1:4.1.7-4ubuntu0.1 |
| esm-apps/focal | not-affected | 1:4.1.45-1 |
| esm-apps/jammy | not-affected | 1:4.1.45-1 |
| esm-apps/noble | not-affected | 1:4.1.45-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | released | 1:3.2.6.Final-2+deb8u2build0.14.04.1~esm1 |
| focal | not-affected | 1:4.1.45-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.9.9.Final-1+deb9u1build0.18.04.1 |
| devel | DNE | |
| esm-apps/bionic | released | 3.9.9.Final-1+deb9u1build0.18.04.1 |
| esm-apps/xenial | released | 3.9.0.Final-1ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
Ссылки на источники
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...
Уязвимость компонента HttpObjectDecoder.java сетевого программного средства Netty, связанная с недостатком в интерпретации HTTP-запросов, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3