Vulnerability Name:

CVE-2020-7238 (CCN-175398)

Assigned:2020-01-26
Published:2020-01-26
Updated:2021-05-27
Summary:Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-444
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-7238

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0497

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0567

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0601

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0605

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0606

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0804

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0805

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0806

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0811

Source: XF
Type: UNKNOWN
netty-cve20207238-request-smuggling(175398)

Source: CCN
Type: GitHub Web site
HTTP Request Smuggling in Netty - 4.1.43.Final #1

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/jdordonezn/CVE-2020-72381/issues/1

Source: MLIST
Type: Mailing List, Vendor Advisory
[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty

Source: MLIST
Type: Mailing List, Vendor Advisory
[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-66b5f85ccc

Source: CCN
Type: Netty Web site
Netty

Source: MISC
Type: Vendor Advisory
https://netty.io/news/

Source: DEBIAN
Type: Third Party Advisory
DSA-4885

Source: CCN
Type: IBM Security Bulletin 5225019 (Operations Analytics Predictive Insights)
A vulnerability in netty affects IBM Operations Analytics Predictive Insights (CVE-2020-7238)

Source: CCN
Type: IBM Security Bulletin 5692628 (Rational Test Virtualization Server)
Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)

Source: CCN
Type: IBM Security Bulletin 6214293 (InfoSphere Guardium Activity Monitor)
IBM Security Guardium Insights is affected by a Netty vulnerability

Source: CCN
Type: IBM Security Bulletin 6216860 (Spectrum Scale)
A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238)

Source: CCN
Type: IBM Security Bulletin 6252833 (Netcool Agile Service Manager)
Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238)

Source: CCN
Type: IBM Security Bulletin 6338531 (Cloud Private)
IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-7238)

Source: CCN
Type: IBM Security Bulletin 6449286 (Watson Machine Learning Server on-prem)
Netty security vulnerabilities on IBM Watson Machine Learning Server

Source: CCN
Type: IBM Security Bulletin 6466365 (DB2 for Linux, UNIX and Windows)
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.

Source: CCN
Type: IBM Security Bulletin 6830983 (Sterling Order Management)
IBM Sterling Order Management Netty 4.1.34 vulnerablity

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-7238

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netty:netty:4.1.43:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openshift_application_runtimes_text-only_advisories:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:9.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_guardium_activity_monitor:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_guardium_activity_monitor:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.bionic:def:202072380000000
    V
    		CVE-2020-7238 on Ubuntu 18.04 LTS (bionic) - untriaged.
    2020-01-27
    oval:com.ubuntu.xenial:def:202072380000000
    V
    		CVE-2020-7238 on Ubuntu 16.04 LTS (xenial) - untriaged.
    2020-01-27
    BACK
    netty netty 4.1.43
    fedoraproject fedora 33
    debian debian linux 8.0
    debian debian linux 9.0
    debian debian linux 10.0
    redhat jboss enterprise application platform 7.2
    redhat jboss enterprise application platform 7.3
    redhat jboss enterprise application platform 7.4
    redhat jboss enterprise application platform text-only advisories -
    redhat openshift application runtimes text-only advisories -
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.1
    ibm operations analytics predictive insights 1.3.6
    ibm rational test workbench 9.2.1.1
    ibm netcool agile service manager 1.1
    ibm infosphere guardium activity monitor 10.6
    ibm infosphere guardium activity monitor 11.0
    ibm cloud private 3.2.1 cd
    ibm cloud private 3.2.2 cd
    ibm db2 11.5
    ibm db2 11.5
    ibm db2 11.5