Vulnerability Name: CVE-2021-43797 (CCN-215118)
Assigned: 2021-12-09
Published: 2021-12-09
Updated: 2023-02-24
Summary: Netty is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP transfer-encoding request header names. By sending a specially crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS v3 Severity:
  6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
  5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
  5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability Consequences: Gain Access
References:
- Source: MITRE; Type: CNA; CVE-2021-43797
- Source: XF; Type: UNKNOWN; netty-cve202143797-request-smuggling(215118)
- Source: security-advisories@github.com; Type: Patch, Third Party Advisory; security-advisories@github.com
- Source: CCN; Type: Netty GIT Repository; HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
- Source: security-advisories@github.com; Type: Third Party Advisory; security-advisories@github.com
- Source: security-advisories@github.com; Type: Mailing List, Third Party Advisory; security-advisories@github.com
- Source: security-advisories@github.com; Type: Third Party Advisory; security-advisories@github.com
- Source: security-advisories@github.com; Type: Third Party Advisory; security-advisories@github.com
- Source: CCN; Type: IBM Security Bulletin 6540616 (Cloud Pak for Integration); Operations Dashboard is vulnerable to Netty CVE-2021-43797
- Source: CCN; Type: IBM Security Bulletin 6566821 (Tivoli Netcool/OMNIbus); IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)
- Source: CCN; Type: IBM Security Bulletin 6568833 (Watson Assistant for Cloud Pak for Data); Vulnerability in Netty - CVE-2021-43797 may affect IBM Watson Assistant for IBM Cloud Pak for Data
- Source: CCN; Type: IBM Security Bulletin 6570679 (Security Guardium Insights); IBM Security Guardium Insights is affected by multiple vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 6578693 (MaaS360); IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
- Source: CCN; Type: IBM Security Bulletin 6599641 (Cloud Pak for Multicloud Management Monitoring); IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)
- Source: CCN; Type: IBM Security Bulletin 6607599 (Cloud Transformation Advisor); IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 6615285 (Cognos Analytics); IBM Cognos Analytics has addressed multiple vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 6616545 (Netcool Operations Insight); Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 6831007 (Sterling Order Management); IBM Sterling Order Management Netty 4.1.34 vulnerability
- Source: CCN; Type: IBM Security Bulletin 6842123 (Operations Analytics Predictive Insights); Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797, CVE-2022-24823)
- Source: CCN; Type: IBM Security Bulletin 6967012 (Cloud Pak for Watson AIOps); Multiple Vulnerabilities in CloudPak for Watson AIOps
- Source: CCN; Type: IBM Security Bulletin 6967333 (QRadar SIEM); IBM QRadar SIEM includes components with known vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 6980407 (Sterling Order Management); Netty Vulnerabilities 4.0.37
- Source: CCN; Type: IBM Security Bulletin 7001867 (Cloud Pak for Security); IBM Cloud Pak for Security includes components with multiple known vulnerabilities
- Source: CCN; Type: IBM Security Bulletin 7002487 (Watson Discovery); IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Netty
- Source: CCN; Type: Oracle CPUApr2022; Oracle Critical Patch Update Advisory - April 2022
- Source: security-advisories@github.com; Type: Patch, Third Party Advisory; security-advisories@github.com
- Source: CCN; Type: Oracle CPUJul2022; Oracle Critical Patch Update Advisory - July 2022
- Source: security-advisories@github.com; Type: Patch, Third Party Advisory; security-advisories@github.com
Vulnerable Configuration: Configuration CCN 1
Oval Definitions: