Description
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Remediation
References
Related Vulnerabilities
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.24)
Apache Tomcat Missing Encryption of Sensitive Data Vulnerability (CVE-2026-34486)
Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)
Oracle JRE CVE-2012-5076 Vulnerability (CVE-2012-5076)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (4.9.2)