In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade RHEL:7
eap7-jboss-server-migration-core
to version 0:1.3.1-8.Final_redhat_00009.1.el7eap or higher.
This issue was patched in RHSA-2020:0805
.
Note: Versions mentioned in the description apply only to the upstream eap7-jboss-server-migration-core
package and not the eap7-jboss-server-migration-core
package as distributed by RHEL
.
See How to fix?
for RHEL:7
relevant fixed versions and status.
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.