Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Remediation

References

CVE-2019-20444

Related Vulnerabilities

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)

SharePoint CVE-2021-41344 Vulnerability (CVE-2021-41344)

Oracle Application Server Other Vulnerability (CVE-2007-2123)

WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1611)

Severity

Critical

Classification

CVE-2019-20444 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities