CVE-2020-7238
HIGH
Netty 4.1.43.Final - HTTP Request Smuggling via Transfer-Encoding Whitespace
Title source: llm
Description
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
References (18)
Core References
Vendor Advisory x_refsource_misc
https://netty.io/news/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/jdordonezn/CVE-2020-72381/issues/1
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0497
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0601
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0606
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0605
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0567
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0806
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0811
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0804
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0805
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2021/dsa-4885
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0362
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-444
Status
published
Products (11)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
33
io.netty/netty-handler
4.1.43 - 4.1.45 (Maven)
netty/netty
4.1.43
redhat/jboss_enterprise_application_platform
7.2
redhat/jboss_enterprise_application_platform
7.3
redhat/jboss_enterprise_application_platform
7.4
redhat/jboss_enterprise_application_platform_text-only_advisories
... and 1 more
Published
Jan 27, 2020
Tracked Since
Feb 18, 2026