Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Remediation

References

CVE-2019-20444

Related Vulnerabilities

Apache Tomcat Resource Management Errors Vulnerability (CVE-2014-0230)

WordPress Plugin Polls CP Unspecified Vulnerability (1.0.17)

WordPress Plugin My Calendar Cross-Site Scripting (3.2.17)

WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.2.1)

WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)

Severity

Critical

Classification

CVE-2019-20444 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities