CVE-2020-7238 – netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
https://notcve.org/view.php?id=CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. Netty versión 4.1.43.Final, permite el tráfico no autorizado de peticiones HTTP porque maneja inapropiadamente el espacio en blanco de Transfer-Encoding (tal y como una línea [space]Transfer-Encoding:chunked) y un encabezado Content-Length posterior. Este problema existe debido a una corrección incompleta para el CVE-2019-16869. A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. • https://access.redhat.com/errata/RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://github.com/jdordonezn/CVE-2020 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-10212 – undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files
https://notcve.org/view.php?id=CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. Se encontró un fallo en, todas las versiones por debajo de la 2.0.20, en el registro DEBUG de Undertow para io.undertow.request.security. Si está habilitado, un atacante podría abusar de este fallo para conseguir las credenciales del usuario de los archivos de registro. A flaw was found in the Undertow DEBUG log for io.undertow.request.security. • https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2020:0727 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212 https://security.netapp.com/advisory/ntap-20220210-0017 https://access.redhat.com/security/cve/CVE-2019-10212 https://bugzilla.redhat.com/show_bug.cgi?id=1731984 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-16869 – netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
https://notcve.org/view.php?id=CVE-2019-16869
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. Netty versiones anteriores a 4.1.42.Final, maneja inapropiadamente los espacios en blanco antes de los dos puntos en los encabezados HTTP (tal y como una línea "Transfer-Encoding : chunked"), lo que conlleva al tráfico no autorizado de peticiones HTTP. A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling. • https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:3901 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final https://github.com/netty/netty/issues/9571 https& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-10184 – undertow: Information leak in requests for directories without trailing slashes
https://notcve.org/view.php?id=CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. Undertow en versiones anteriores a la 2.0.23.Final es vulnerable a un problema de fuga de información. Las aplicaciones web pueden tener sus estructuras de directorio predecibles a través de solicitudes sin barras finales mediante la API. • https://access.redhat.com/errata/RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2019:3044 https://access.redhat.com/errata/RHSA-2019:3045 https://access.redhat.com/errata/RHSA-2019:3046 https://access.redhat.com/errata/RHSA-2019:3050 https://access.redhat.com/errata/RHSA • CWE-862: Missing Authorization •
CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •