← back
CVE-2019-20444

CVE-2019-20444

EPSS 8.7%
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2020:0497https://access.redhat.com/errata/RHSA-2020:0567https://access.redhat.com/errata/RHSA-2020:0601https://access.redhat.com/errata/RHSA-2020:0605https://access.redhat.com/errata/RHSA-2020:0606https://access.redhat.com/errata/RHSA-2020:0804https://access.redhat.com/errata/RHSA-2020:0805https://access.redhat.com/errata/RHSA-2020:0806https://access.redhat.com/errata/RHSA-2020:0811https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Finalhttps://github.com/netty/netty/issues/9866https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-20444/5.0.0.Alpha1/exploit