Test ID: | 1.3.6.1.4.1.25623.1.0.892364 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for netty (DLA-2364-1) |
Summary: | The remote host is missing an update for the 'netty' package(s) announced via the DLA-2364-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'netty' package(s) announced via the DLA-2364-1 advisory.

Vulnerability Insight: Several vulnerabilities have been discovered in netty, a Java NIO client/server socket framework.

CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an 'invalid fold.'

CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

CVE-2020-11612: The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Affected Software/OS: 'netty' package(s) on Debian Linux.

Solution: For Debian 9 stretch, these problems have been fixed in version 1:4.1.7-2+deb9u2. We recommend that you upgrade your netty packages.

CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-7238
Debian Security Information: DSA-4885 https://www.debian.org/security/2021/dsa-4885
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
https://github.com/jdordonezn/CVE-2020-72381/issues/1
https://netty.io/news/
https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
RedHat Security Advisories: RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0497
RedHat Security Advisories: RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0567
RedHat Security Advisories: RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0601
RedHat Security Advisories: RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0605
RedHat Security Advisories: RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0606
RedHat Security Advisories: RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0804
RedHat Security Advisories: RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0805
RedHat Security Advisories: RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0806
RedHat Security Advisories: RHSA-2020:0811 https://access.redhat.com/errata/RHSA-2020:0811 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |