Description

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Remediation

References

CVE-2019-20445

Related Vulnerabilities

MySQL CVE-2018-2667 Vulnerability (CVE-2018-2667)

WordPress 6.4.x Multiple Vulnerabilities (6.4 - 6.4.2)

WordPress Plugin WP-PostRatings '[ratings]' Shortcode SQL Injection (1.61)

WordPress Plugin Wp Cookie Choice Cross-Site Request Forgery (1.1.0)

WordPress Plugin Custom Login Redirect Cross-Site Request Forgery (1.0.0)

Severity

Critical

Classification

CVE-2019-20445 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities