Lucene search
IBM1E9CF6FDFBA489706238E6E37CCC826D29377A3819B88B687B8B88A40020AC3EHistoryNov 03, 2022 - 8:43 a.m.
Security Bulletin: Vulnerability in Netty shipped with IBM Operations Analytics - Log Analysis (CVE-2019-20444)
2022-11-0308:43:33
www.ibm.com
17
0.009 Low
EPSS
Percentile
82.3%
Summary
Netty prior to version 4.1.44 is vulnerable to HTTP request smuggling.
Vulnerability Details
CVEID:CVE-2019-20444
**DESCRIPTION:**Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175487 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Log Analysis | 1.3.x |
Remediation/Fixes
| Version | Fix details |
|---|---|
| IBM Operations Analytics - Log Analysis version 1.3.x | Upgrade to Log Analysis version 1.3.7.2 Interim Fix 4. Download the 1.3.7.2-TIV-IOALA-IF004. For Log Analysis prior to 1.3.7.2, upgrade to 1.3.7-TIV-IOALA-FP2 before installing this fix. |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm smartcloud analytics | eq | 1.3. |
Related
f5
f5
K14752415 : Netty vulnerability CVE-2019-20444
2020-07-13 00:00:00
veracode
veracode
HTTP Request Smuggling
2020-01-31 06:26:41
prion
prion
Design/Logic Flaw
2020-01-29 21:15:00
debiancve
debiancve
CVE-2019-20444
2020-01-29 21:15:11
osv
osv
CVE-2019-20444
2020-01-29 21:15:11
HTTP Request Smuggling in Netty
2020-02-21 18:55:24
netty vulnerabilities
2020-10-27 13:40:49
github
github
HTTP Request Smuggling in Netty
2020-02-21 18:55:24
cvelist
cvelist
CVE-2019-20444
2020-01-29 20:33:17
ubuntucve
ubuntucve
CVE-2019-20444
2020-01-29 00:00:00
cve
cve
CVE-2019-20444
2020-01-29 21:15:11
redhatcve
redhatcve
CVE-2019-20444
2021-07-18 00:29:58
ibm
ibm
redhat
redhat
nessus
nessus
Debian DLA-2365-1 : netty-3.9 security update
2020-09-08 00:00:00
Debian DLA-2109-1 : netty security update
2020-02-20 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2109-1)
2020-02-20 00:00:00
Ubuntu: Security Advisory (USN-4532-1)
2020-09-23 00:00:00
Debian: Security Advisory (DLA-2365-1)
2020-09-05 00:00:00
ubuntu
ubuntu
Netty vulnerabilities
2020-09-22 00:00:00
Netty vulnerabilities
2020-10-22 00:00:00
Netty vulnerabilities
2020-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: netty-4.1.51-1.fc33
2020-09-25 17:16:37
[SECURITY] Fedora 33 Update: jctools-3.1.0-1.fc33
2020-09-25 17:16:36
debian
debian
[SECURITY] [DSA 4885-1] netty security update
2021-04-05 19:06:20
0.009 Low
EPSS
Percentile
82.3%
Related for 1E9CF6FDFBA489706238E6E37CCC826D29377A3819B88B687B8B88A40020AC3E