Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2020-7238
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
CVSSv3.1 Score
- Severity
- High
- Base Score
- 7.5/10
- Exploit Score
- 3.9/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- None
- Impact Score
- 3.6/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:netty:netty:4.1.43:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:* |
Yes
|
- | - | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform_text- |
Yes
|
- | - | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:* |
Yes
|
- | - | |
| cpe:2.3:a:redhat:openshift_application_runtimes_text-only_ad |
Yes
|
- | - | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:* |
Yes
|
- | - |
References
- https://github.com/jdordonezn/CVE-2020-72381/issues/1
- https://netty.io/news/
- https://access.redhat.com/errata/RHSA-2020:0497
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
- https://access.redhat.com/errata/RHSA-2020:0601
- https://access.redhat.com/errata/RHSA-2020:0606
- https://access.redhat.com/errata/RHSA-2020:0605
- https://access.redhat.com/errata/RHSA-2020:0567
- https://access.redhat.com/errata/RHSA-2020:0804
- https://access.redhat.com/errata/RHSA-2020:0805
- https://access.redhat.com/errata/RHSA-2020:0811
- https://access.redhat.com/errata/RHSA-2020:0806
- https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
- https://www.debian.org/security/2021/dsa-4885
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2c
- https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107