CVE-2019-16869
CVE-2019-16869
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2019:3892https://access.redhat.com/errata/RHSA-2019:3901https://access.redhat.com/errata/RHSA-2020:0159https://access.redhat.com/errata/RHSA-2020:0160https://access.redhat.com/errata/RHSA-2020:0161https://access.redhat.com/errata/RHSA-2020:0164https://access.redhat.com/errata/RHSA-2020:0445https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Finalhttps://github.com/netty/netty/issues/9571https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-16869/5.0.0.Alpha1/exploithttps://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3Ehttps://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac%40%3Cissues.spark.apache.org%3E