A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.

Mitigation

Use HTTP/2 instead (clear boundaries between requests)
Disable reuse of backend connections eg.

http-reuse never

in HAProxy or whatever equivalent LB settings

References

bugzilla.redhat.com/show_bug.cgi?id=1758619

nvd.nist.gov/vuln/detail/CVE-2019-16869

www.cve.org/CVERecord?id=CVE-2019-16869

nessus 11

osv 11

cve 2

veracode 2

openvas 8

github 2

ibm 23

debian 6

ubuntucve 2

debiancve 2

prion 2

nvd 2

cvelist 2

f5 1

redhatcve 3

ubuntu 3

redhat 14

nessus

Debian DSA-4597-1 : netty - security update

2020-01-06 00:00:00

Debian DLA-1941-1 : netty security update

2019-10-01 00:00:00

Ubuntu 18.04 LTS : Netty vulnerabilities (USN-4532-1)

2020-09-23 00:00:00

osv

HTTP Request Smuggling in Netty

2019-10-11 18:41:23

netty - security update

2019-09-30 00:00:00

netty - security update

2020-01-03 00:00:00

cve

CVE-2019-16869

2019-09-26 16:15:11

CVE-2020-7238

2020-01-27 17:15:12

veracode

HTTP Request Smuggling

2019-09-27 08:45:44

HTTP Request Smuggling

2020-01-31 00:35:33

openvas

Debian: Security Advisory (DLA-1941-1)

2019-10-01 00:00:00

Debian: Security Advisory (DSA-4597-1)

2020-01-04 00:00:00

Debian: Security Advisory (DLA-2365-1)

2020-09-05 00:00:00

github

HTTP Request Smuggling in Netty

2019-10-11 18:41:23

HTTP Request Smuggling in Netty

2020-02-21 18:55:50

ibm

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

2019-12-20 08:47:33

Security Bulletin: A vulnerability in netty affects IBM Operations Analytics Predictive Insights (CVE-2019-16869)

2020-02-28 15:59:40

Security Bulletin: Netty vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ( CVE-2019-16869)

2022-02-22 20:10:14

debian

[SECURITY] [DSA 4597-1] netty security update

2020-01-03 14:58:28

[SECURITY] [DLA 1941-1] netty security update

2019-09-30 21:18:13

[SECURITY] [DSA 4597-1] netty security update

2020-01-03 14:58:28

ubuntucve

CVE-2019-16869

2019-09-26 00:00:00

CVE-2020-7238

2020-01-27 00:00:00

debiancve

CVE-2019-16869

2019-09-26 16:15:11

CVE-2020-7238

2020-01-27 17:15:12

prion

Design/Logic Flaw

2019-09-26 16:15:00

Design/Logic Flaw

2020-01-27 17:15:00

nvd

CVE-2019-16869

2019-09-26 16:15:11

CVE-2020-7238

2020-01-27 17:15:12

cvelist

CVE-2019-16869

2019-09-26 15:28:25

CVE-2020-7238

2020-01-27 16:43:44

K75555129 : Netty vulnerabilities CVE-2019-16869 and CVE-2020-7238

2020-07-13 00:00:00

redhatcve

CVE-2020-7238

2022-05-14 11:41:00

CVE-2019-20444

2021-07-18 00:29:58

CVE-2019-20445

2022-05-14 11:32:59

ubuntu

Netty vulnerabilities

2020-09-22 00:00:00

Netty vulnerabilities

2020-10-22 00:00:00

Netty vulnerabilities

2020-10-27 00:00:00

redhat

(RHSA-2019:3901) Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update

2019-11-18 14:38:31

(RHSA-2020:0164) Important: Red Hat JBoss Enterprise Application Platform 7.2.6 security update

2020-01-20 15:57:06

(RHSA-2020:0159) Important: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update

2020-01-20 15:35:57

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.012 Low

EPSS

Percentile

85.6%

JSON

Related for RH:CVE-2019-16869