CVE-2019-20445 – netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
https://notcve.org/view.php?id=CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. "El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite que un encabezado Content-Length esté acompañado por un segundo encabezado Content-Length o por un encabezado Transfer-Encoding." A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability. • https://access.redhat.com/errata/RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://github.com/netty/netty/compare& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2018-9159 – spark: Absolute and relative pathnames allow for unintended static file disclosure
https://notcve.org/view.php?id=CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. En Spark en versiones anteriores a la 2.7.2, un atacante remoto puede leer archivos estáticos no deseados mediante varias representaciones de nombres de ruta relativos o absolutos, tal y como queda demostrado con las secuencias de URL de archivos y saltos de directorio. NOTA: este producto no está relacionado con Ignite Realtime Spark. • http://sparkjava.com/news#spark-272-released https://access.redhat.com/errata/RHSA-2018:2020 https://access.redhat.com/errata/RHSA-2018:2405 https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668 https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc https://github.com/perwendel/spark/issues/981 https://access.redhat.com/security/cve/CVE-2018-9159 https://bugzilla.redhat.com/show_bug • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-9177 – Spark: Directory traversal vulnerability in version 2.5
https://notcve.org/view.php?id=CVE-2016-9177
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en Spark 2.5 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en la URI. A path traversal issue was found in Spark version 2.5 and potentially earlier versions. • http://seclists.org/fulldisclosure/2016/Nov/13 http://www.securityfocus.com/bid/94218 https://access.redhat.com/errata/RHSA-2017:0868 https://github.com/perwendel/spark/issues/700 https://access.redhat.com/security/cve/CVE-2016-9177 https://bugzilla.redhat.com/show_bug.cgi?id=1393607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •