CVE-2019-16869

HIGH

Netty <4.1.42 - HTTP Request Smuggling

Title source: llm
STIX 2.1

Description

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

References (146)

... and 126 more

Scores

CVSS v3 7.5
EPSS 0.0403
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-444
Status published
Products (10)
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
io.netty/netty-all 4.0.0.Alpha1 - 4.1.42.FinalMaven
netty/netty < 4.1.42
org.jboss.netty/netty 0Maven
redhat/jboss_enterprise_application_platform 7.2
redhat/jboss_enterprise_application_platform 7.3
redhat/jboss_enterprise_application_platform 7.4
Published Sep 26, 2019
Tracked Since Feb 18, 2026