VDB

CVE-2019-20444

CVE-2019-20444 PUBLISHED

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

EPSS 18.32% · 95.3th percentile

Risk Scores

EPSS Score
18.32%
95.3th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSnetty-3.93.9.9.Final-1, 0
Ubuntu:16.04:LTSnetty-3.90, 3.9.0.Final-1
Ubuntu:Pro:14.04:LTSnetty1:3.2.6.Final-2, 0
Ubuntu:18.04:LTSnetty0, 1:4.1.7-4
Ubuntu:Pro:16.04:LTSnetty1:4.0.34-1ubuntu0.1~esm2, 1:4.0.34-1ubuntu0.1~esm3, *

Exploit Intelligence

…and 7 more exploits

Timeline

  • Jan 29, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Jul 14, 2023 EPSS Score
  • Nov 16, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›