Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Remediation

References

CVE-2019-20444

Related Vulnerabilities

WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (4.7.8)

Oracle JRE CVE-2013-1481 Vulnerability (CVE-2013-1481)

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3)

Severity

Critical

Classification

CVE-2019-20444 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities