Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Remediation

References

CVE-2019-20444

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0061)

WordPress Plugin AgentPress Broker Listings Cross-Site Scripting (1.0)

ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-21535)

Severity

Critical

Classification

CVE-2019-20444 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities