Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-20444)

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Remediation

References

CVE-2019-20444

Related Vulnerabilities

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Unspecified Vulnerability (1.5.6)

WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1)

WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)

WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2)

WordPress Plugin Responsive Notification Bar for WordPress-Apex Notification Bar Lite includes Backdoor [Only if downloaded via the vendor website] (2.0.4)

Severity

Critical

Classification

CVE-2019-20444 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N