This security advisory describes one medium risk vulnerability.
The vulnerability allows a remote attacker to perform HTTP request smuggling attack.The vulnerability exists due to improper input validation when processing a whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked") and a later Content-Length header. A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.
This issue exists because of an incomplete fix for CVE-2019-16869 (SB2019092616).
Install updates from vendor's website.Vulnerable software versions
Netty: 4.1.43, 4.1.44CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.