CVSS: 5.9EPSS: 1%CPEs: 28EXPL: 0CVE-2021-21409 – Possible request smuggling in HTTP/2 due missing validation of content-length
https://notcve.org/view.php?id=CVE-2021-21409
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295 https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E https:& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25724 – resteasy: information disclosure via HTTP response reuse
https://notcve.org/view.php?id=CVE-2020-25724
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. Se encontró un fallo en RESTEasy, donde es proporcionada una respuesta incorrecta para una petición HTTP. • https://bugzilla.redhat.com/show_bug.cgi?id=1899354 https://security.netapp.com/advisory/ntap-20210702-0003 https://access.redhat.com/security/cve/CVE-2020-25724 • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20289 – resteasy: Error message exposes endpoint class information
https://notcve.org/view.php?id=CVE-2021-20289
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. Se detectó un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final. Los nombres de métodos y clases de endpoint son devueltos como parte de la respuesta de excepción cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petición a el valor del parámetro de método del recurso JAX-RS correspondiente. • https://bugzilla.redhat.com/show_bug.cgi?id=1935927 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-20289 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.9EPSS: 18%CPEs: 8EXPL: 0CVE-2021-21295 – Possible request smuggling in HTTP/2 due missing validation
https://notcve.org/view.php?id=CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. • https://github.com/Netflix/zuul/pull/980 https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20328 – MongoDB Java driver client-side field level encryption not verifying KMS host name
https://notcve.org/view.php?id=CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. • https://jira.mongodb.org/browse/JAVA-4017 https://access.redhat.com/security/cve/CVE-2021-20328 https://bugzilla.redhat.com/show_bug.cgi?id=1934236 • CWE-295: Improper Certificate Validation •