CVE-2019-16869 : Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Published 2019-09-26 16:15:12

Updated 2022-03-30 14:21:30

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-16869

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 7.2
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Jboss Enterprise Application Platform » Version: 7.3
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Jboss Enterprise Application Platform » Version: 7.4
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Netty » Netty
Versions before (<) 4.1.42
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-16869

EPSS FAQ

1.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-16869

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2019-16869

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-16869

https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E

[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E

[jira] [Created] (FLINK-19195) question on security vulnerabilities in flink - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 - Pony Mail
Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html

[SECURITY] [DLA 2365-1] netty-3.9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E

[jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E

[jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E

[jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E

[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E

[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E

[jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E

[zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://usn.ubuntu.com/4532-1/

USN-4532-1: Netty vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E

[GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E

[camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444) - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E

[zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E

[jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://www.debian.org/security/2020/dsa-4597

Debian -- Security Information -- DSA-4597-1 netty
Third Party Advisory
https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E

[jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html

[SECURITY] [DLA 1941-1] netty security update
Mailing List;Third Party Advisory
https://github.com/netty/netty/issues/9571

http request smuggling, cause by obfuscating TE header · Issue #9571 · netty/netty · GitHub
Exploit;Issue Tracking;Patch;Third Party Advisory
https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E

[jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E

[jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E

[GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E

[GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E

[GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E

[jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8@%3Cdev.olingo.apache.org%3E

[jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E

[jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E

[jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E

[jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E

[jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E

[hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0164

RHSA-2020:0164 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E

[hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0159

RHSA-2020:0159 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2020/Jan/6

Bugtraq: [SECURITY] [DSA 4597-1] netty security update
Issue Tracking;Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E

[jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E

[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E

[jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final

Comparing netty-4.1.41.Final...netty-4.1.42.Final · netty/netty · GitHub
Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0445

RHSA-2020:0445 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0160

RHSA-2020:0160 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb@%3Ccommits.cassandra.apache.org%3E

[jira] [Commented] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E

[GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0161

RHSA-2020:0161 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E

[jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:3901

RHSA-2019:3901 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E

[jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:3892

RHSA-2019:3892 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E

[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E

[jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spark.apache.org%3E

[jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E

[jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

[GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E

[jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E

[zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f@%3Ccommits.cassandra.apache.org%3E

[jira] [Updated] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E

[jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E

[jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E

[tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR - Pony Mail
Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

[SECURITY] [DLA 2110-1] netty-3.9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E

[hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E

[GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E

[jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E

[jira] [Created] (FLINK-19195) question on security vulnerabilities in flink - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E

[GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-16869

Products affected by CVE-2019-16869

Exploit prediction scoring system (EPSS) score for CVE-2019-16869

CVSS scores for CVE-2019-16869

CWE ids for CVE-2019-16869

References for CVE-2019-16869