{ "id": "CVE-2019-20444", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-29T21:15:11.047", "lastModified": "2021-09-14T12:45:24.617", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid fold.\"" }, { "lang": "es", "value": "El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite un encabezado HTTP que carece de \":\" dos puntos, que podr\u00eda ser interpretado como un encabezado separado con una sintaxis incorrecta, o podr\u00eda ser interpretado como un \"invalid fold.\"" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.2 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-444" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.44", "matchCriteriaId": "3D374B9C-E87A-47F2-AF0C-25D2A6D03E89" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:jboss_amq_clients:2:*:*:*:*:*:*:*", "matchCriteriaId": "491FADFF-AE11-4EDE-BD6B-64856292CA62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" }, { "vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" }, { "vulnerable": false, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" } ] } ] } ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2020:0497", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0567", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0601", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0605", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0606", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0804", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0805", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0806", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0811", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/netty/netty/issues/9866", "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/4532-1/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2021/dsa-4885", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] } ] }