Netty 环境问题漏洞

CNNVD-ID编号	CNNVD-202001-1170
CVE编号	CVE-2020-7238
发布时间	2020-01-27
更新时间	2020-10-29
漏洞类型	环境问题
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Netty是Netty社区的一款非阻塞I/O客户端-服务器框架，它主要用于开发Java网络应用程序，如协议服务器和客户端等。

Netty 4.1.43.Final版本中存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。

漏洞补丁

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

http://cn.dota2.com/

参考网址

来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0806
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0805
来源:netty.io

链接：https://netty.io/news/
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0606
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0804
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0605
来源:MISC

链接：https://github.com/jdordonezn/CVE-2020-72381/issues/1
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0567
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0811
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0601
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0497
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0497
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158650/Red-Hat-Security-Advisory-2020-3196-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157214/Red-Hat-Security-Advisory-2020-1445-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156611/Red-Hat-Security-Advisory-2020-0567-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3703/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0504/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0786/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2588/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0691/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156325/Red-Hat-Security-Advisory-2020-0497-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156880/Red-Hat-Security-Advisory-2020-0951-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2619/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-netty-vulnerability-cve-2020-7238/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1766/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Netty-information-disclosure-via-Transfer-Encoding-Whitespace-Request-Smuggling-31647
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1882/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1335/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-operations-analytics-predictive-insights-cve-2020-7238/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156868/Red-Hat-Security-Advisory-2020-0939-01.html
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48952
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3655/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0915/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-7238
来源:http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16

链接：http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2379/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0583/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1858/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3049/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1030/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager-cve-2020-7238/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tieringcve-2020-7238/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159724/Red-Hat-Security-Advisory-2020-4366-01.html

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-1170