HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
References
Link Providers
https://access.redhat.com/errata/RHSA-2020:0497 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0567 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0601 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0605 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0606 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0804 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0805 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0806 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0811 cve-icon cve-icon
https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final cve-icon cve-icon
https://github.com/netty/netty/issues/9861 cve-icon cve-icon
https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d%40%3Creviews.spark.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74%40%3Cissues.flume.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45%40%3Cdev.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11%40%3Cissues.spark.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2%40%3Cissues.flume.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 cve-icon
https://usn.ubuntu.com/4532-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-20445 cve-icon
https://www.debian.org/security/2021/dsa-4885 cve-icon cve-icon
History

Mon, 26 Aug 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-29T20:33:03

Updated: 2024-08-05T02:39:10.039Z

Reserved: 2020-01-29T00:00:00

Link: CVE-2019-20445

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-29T21:15:11.110

Modified: 2023-11-07T03:09:09.623

Link: CVE-2019-20445

cve-icon Redhat

Severity : Important

Publid Date: 2020-01-29T00:00:00Z

Links: CVE-2019-20445 - Bugzilla