Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for jboss_enterprise_application_platform_text-only_advisories by redhat

    CVE-2023-3223 (GCVE-0-2023-3223)

    Vulnerability from nvd – Published: 2023-09-27 13:54 – Updated: 2024-08-02 06:48
    VLAI
    Title
    Undertow: outofmemoryerror due to @multipartconfig handling
    Summary
    A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4505 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4506 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4507 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4509 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4918 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4919 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4920 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4921 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7247 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-3223 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2209689 issue-trackingx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2023102…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Fuse 7.12.1     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1.0     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6.5     cpe:/a:redhat:red_hat_single_sign_on:7.6.5
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.9-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.9-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.9-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-27 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Service Registry     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens) Operational Tools     cpe:/a:redhat:openstack-optools:13
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Date Public
    2023-08-07 00:00
    Credits
    Red Hat would like to thank Keke Lian & Haoran Zhao (SecSys Lab) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-13T20:07:40.554787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-13T20:07:46.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4505",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4505"
              },
              {
                "name": "RHSA-2023:4506",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4506"
              },
              {
                "name": "RHSA-2023:4507",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4507"
              },
              {
                "name": "RHSA-2023:4509",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4509"
              },
              {
                "name": "RHSA-2023:4918",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4918"
              },
              {
                "name": "RHSA-2023:4919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4919"
              },
              {
                "name": "RHSA-2023:4920",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4920"
              },
              {
                "name": "RHSA-2023:4921",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4921"
              },
              {
                "name": "RHSA-2023:4924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4924"
              },
              {
                "name": "RHSA-2023:7247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7247"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3223"
              },
              {
                "name": "RHBZ#2209689",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231027-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7.12.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7.6.5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-27",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Service Registry",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack-optools:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat OpenStack Platform 13 (Queens) Operational Tools",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Keke Lian \u0026 Haoran Zhao (SecSys Lab) for reporting this issue."
            }
          ],
          "datePublic": "2023-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:37.244Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4505"
            },
            {
              "name": "RHSA-2023:4506",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4506"
            },
            {
              "name": "RHSA-2023:4507",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4507"
            },
            {
              "name": "RHSA-2023:4509",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4509"
            },
            {
              "name": "RHSA-2023:4918",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4918"
            },
            {
              "name": "RHSA-2023:4919",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4919"
            },
            {
              "name": "RHSA-2023:4920",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4920"
            },
            {
              "name": "RHSA-2023:4921",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4921"
            },
            {
              "name": "RHSA-2023:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4924"
            },
            {
              "name": "RHSA-2023:7247",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7247"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3223"
            },
            {
              "name": "RHBZ#2209689",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231027-0004/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemoryerror due to @multipartconfig handling",
          "x_redhatCweChain": "CWE-789: Memory Allocation with Excessive Size Value"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3223",
        "datePublished": "2023-09-27T13:54:44.682Z",
        "dateReserved": "2023-06-13T15:50:40.922Z",
        "dateUpdated": "2024-08-02T06:48:07.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2487 (GCVE-0-2011-2487)

    Vulnerability from nvd – Published: 2020-03-11 15:45 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Date Public
    2013-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:33.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
              },
              {
                "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSS4J",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.5"
                }
              ]
            },
            {
              "product": "JBossWS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "datePublic": "2013-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:06:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/57549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2487",
        "datePublished": "2020-03-11T15:45:46.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:33.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7238 (GCVE-0-2020-7238)

    Vulnerability from nvd – Published: 2020-01-27 16:43 – Updated: 2024-08-04 09:25
    VLAI
    Summary
    Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://netty.io/news/ x_refsource_MISC
    https://github.com/jdordonezn/CVE-2020-72381/issues/1 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2020:0497 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2020:0601 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0606 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0605 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0567 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0806 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0805 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://www.debian.org/security/2021/dsa-4885 vendor-advisoryx_refsource_DEBIAN
    https://lists.apache.org/thread.html/rc8d554aad88… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r131e572d003… mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://netty.io/news/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
              },
              {
                "name": "RHSA-2020:0497",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0497"
              },
              {
                "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
              },
              {
                "name": "RHSA-2020:0601",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0601"
              },
              {
                "name": "RHSA-2020:0606",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0606"
              },
              {
                "name": "RHSA-2020:0605",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0605"
              },
              {
                "name": "RHSA-2020:0567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0567"
              },
              {
                "name": "RHSA-2020:0806",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0806"
              },
              {
                "name": "RHSA-2020:0811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0811"
              },
              {
                "name": "RHSA-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0804"
              },
              {
                "name": "RHSA-2020:0805",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0805"
              },
              {
                "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
              },
              {
                "name": "FEDORA-2020-66b5f85ccc",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
              },
              {
                "name": "DSA-4885",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4885"
              },
              {
                "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E"
              },
              {
                "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://netty.io/news/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
            },
            {
              "name": "RHSA-2020:0497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0497"
            },
            {
              "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
            },
            {
              "name": "RHSA-2020:0601",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0601"
            },
            {
              "name": "RHSA-2020:0606",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0606"
            },
            {
              "name": "RHSA-2020:0605",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0605"
            },
            {
              "name": "RHSA-2020:0567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0567"
            },
            {
              "name": "RHSA-2020:0806",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0806"
            },
            {
              "name": "RHSA-2020:0811",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0811"
            },
            {
              "name": "RHSA-2020:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0804"
            },
            {
              "name": "RHSA-2020:0805",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0805"
            },
            {
              "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
            },
            {
              "name": "FEDORA-2020-66b5f85ccc",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
            },
            {
              "name": "DSA-4885",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4885"
            },
            {
              "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-7238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://netty.io/news/",
                  "refsource": "MISC",
                  "url": "https://netty.io/news/"
                },
                {
                  "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
                },
                {
                  "name": "RHSA-2020:0497",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0497"
                },
                {
                  "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
                },
                {
                  "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
                },
                {
                  "name": "RHSA-2020:0601",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0601"
                },
                {
                  "name": "RHSA-2020:0606",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0606"
                },
                {
                  "name": "RHSA-2020:0605",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0605"
                },
                {
                  "name": "RHSA-2020:0567",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0567"
                },
                {
                  "name": "RHSA-2020:0806",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0806"
                },
                {
                  "name": "RHSA-2020:0811",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0811"
                },
                {
                  "name": "RHSA-2020:0804",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0804"
                },
                {
                  "name": "RHSA-2020:0805",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0805"
                },
                {
                  "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
                },
                {
                  "name": "FEDORA-2020-66b5f85ccc",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
                },
                {
                  "name": "DSA-4885",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4885"
                },
                {
                  "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E"
                },
                {
                  "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-7238",
        "datePublished": "2020-01-27T16:43:44.000Z",
        "dateReserved": "2020-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3223 (GCVE-0-2023-3223)

    Vulnerability from cvelistv5 – Published: 2023-09-27 13:54 – Updated: 2024-08-02 06:48
    VLAI
    Title
    Undertow: outofmemoryerror due to @multipartconfig handling
    Summary
    A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4505 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4506 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4507 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4509 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4918 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4919 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4920 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4921 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7247 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-3223 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2209689 issue-trackingx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2023102…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Fuse 7.12.1     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1.0     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.25-3.SP3_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6.5     cpe:/a:redhat:red_hat_single_sign_on:7.6.5
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.9-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.9-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.9-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-27 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Service Registry     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens) Operational Tools     cpe:/a:redhat:openstack-optools:13
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Date Public
    2023-08-07 00:00
    Credits
    Red Hat would like to thank Keke Lian & Haoran Zhao (SecSys Lab) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-13T20:07:40.554787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-13T20:07:46.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4505",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4505"
              },
              {
                "name": "RHSA-2023:4506",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4506"
              },
              {
                "name": "RHSA-2023:4507",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4507"
              },
              {
                "name": "RHSA-2023:4509",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4509"
              },
              {
                "name": "RHSA-2023:4918",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4918"
              },
              {
                "name": "RHSA-2023:4919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4919"
              },
              {
                "name": "RHSA-2023:4920",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4920"
              },
              {
                "name": "RHSA-2023:4921",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4921"
              },
              {
                "name": "RHSA-2023:4924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4924"
              },
              {
                "name": "RHSA-2023:7247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7247"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3223"
              },
              {
                "name": "RHBZ#2209689",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231027-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7.12.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.25-3.SP3_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7.6.5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.9-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-27",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Service Registry",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack-optools:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat OpenStack Platform 13 (Queens) Operational Tools",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Keke Lian \u0026 Haoran Zhao (SecSys Lab) for reporting this issue."
            }
          ],
          "datePublic": "2023-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:37.244Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4505",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4505"
            },
            {
              "name": "RHSA-2023:4506",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4506"
            },
            {
              "name": "RHSA-2023:4507",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4507"
            },
            {
              "name": "RHSA-2023:4509",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4509"
            },
            {
              "name": "RHSA-2023:4918",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4918"
            },
            {
              "name": "RHSA-2023:4919",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4919"
            },
            {
              "name": "RHSA-2023:4920",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4920"
            },
            {
              "name": "RHSA-2023:4921",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4921"
            },
            {
              "name": "RHSA-2023:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4924"
            },
            {
              "name": "RHSA-2023:7247",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7247"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3223"
            },
            {
              "name": "RHBZ#2209689",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231027-0004/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemoryerror due to @multipartconfig handling",
          "x_redhatCweChain": "CWE-789: Memory Allocation with Excessive Size Value"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3223",
        "datePublished": "2023-09-27T13:54:44.682Z",
        "dateReserved": "2023-06-13T15:50:40.922Z",
        "dateUpdated": "2024-08-02T06:48:07.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2487 (GCVE-0-2011-2487)

    Vulnerability from cvelistv5 – Published: 2020-03-11 15:45 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Date Public
    2013-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:33.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
              },
              {
                "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSS4J",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.5"
                }
              ]
            },
            {
              "product": "JBossWS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "datePublic": "2013-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:06:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/57549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2487",
        "datePublished": "2020-03-11T15:45:46.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:33.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7238 (GCVE-0-2020-7238)

    Vulnerability from cvelistv5 – Published: 2020-01-27 16:43 – Updated: 2024-08-04 09:25
    VLAI
    Summary
    Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://netty.io/news/ x_refsource_MISC
    https://github.com/jdordonezn/CVE-2020-72381/issues/1 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2020:0497 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2020:0601 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0606 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0605 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0567 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0806 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0805 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://www.debian.org/security/2021/dsa-4885 vendor-advisoryx_refsource_DEBIAN
    https://lists.apache.org/thread.html/rc8d554aad88… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r131e572d003… mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://netty.io/news/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
              },
              {
                "name": "RHSA-2020:0497",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0497"
              },
              {
                "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
              },
              {
                "name": "RHSA-2020:0601",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0601"
              },
              {
                "name": "RHSA-2020:0606",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0606"
              },
              {
                "name": "RHSA-2020:0605",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0605"
              },
              {
                "name": "RHSA-2020:0567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0567"
              },
              {
                "name": "RHSA-2020:0806",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0806"
              },
              {
                "name": "RHSA-2020:0811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0811"
              },
              {
                "name": "RHSA-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0804"
              },
              {
                "name": "RHSA-2020:0805",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0805"
              },
              {
                "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
              },
              {
                "name": "FEDORA-2020-66b5f85ccc",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
              },
              {
                "name": "DSA-4885",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4885"
              },
              {
                "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E"
              },
              {
                "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://netty.io/news/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
            },
            {
              "name": "RHSA-2020:0497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0497"
            },
            {
              "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
            },
            {
              "name": "RHSA-2020:0601",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0601"
            },
            {
              "name": "RHSA-2020:0606",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0606"
            },
            {
              "name": "RHSA-2020:0605",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0605"
            },
            {
              "name": "RHSA-2020:0567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0567"
            },
            {
              "name": "RHSA-2020:0806",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0806"
            },
            {
              "name": "RHSA-2020:0811",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0811"
            },
            {
              "name": "RHSA-2020:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0804"
            },
            {
              "name": "RHSA-2020:0805",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0805"
            },
            {
              "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
            },
            {
              "name": "FEDORA-2020-66b5f85ccc",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
            },
            {
              "name": "DSA-4885",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4885"
            },
            {
              "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-7238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://netty.io/news/",
                  "refsource": "MISC",
                  "url": "https://netty.io/news/"
                },
                {
                  "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1"
                },
                {
                  "name": "RHSA-2020:0497",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0497"
                },
                {
                  "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
                },
                {
                  "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
                },
                {
                  "name": "RHSA-2020:0601",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0601"
                },
                {
                  "name": "RHSA-2020:0606",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0606"
                },
                {
                  "name": "RHSA-2020:0605",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0605"
                },
                {
                  "name": "RHSA-2020:0567",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0567"
                },
                {
                  "name": "RHSA-2020:0806",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0806"
                },
                {
                  "name": "RHSA-2020:0811",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0811"
                },
                {
                  "name": "RHSA-2020:0804",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0804"
                },
                {
                  "name": "RHSA-2020:0805",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0805"
                },
                {
                  "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
                },
                {
                  "name": "FEDORA-2020-66b5f85ccc",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
                },
                {
                  "name": "DSA-4885",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4885"
                },
                {
                  "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E"
                },
                {
                  "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-7238",
        "datePublished": "2020-01-27T16:43:44.000Z",
        "dateReserved": "2020-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }