Netty 环境问题漏洞

CNNVD-ID编号	CNNVD-201909-1264
CVE编号	CVE-2019-16869
发布时间	2019-09-26
更新时间	2021-01-27
漏洞类型	环境问题
漏洞来源	Ubuntu,Debian,Red Hat
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Netty是Netty社区的一款非阻塞I/O客户端-服务器框架，它主要用于开发Java网络应用程序，如协议服务器和客户端等。

Netty 4.1.42.Final之前版本中存在安全漏洞。攻击者可利用该漏洞实施HTTP请求走私攻击。

漏洞补丁

目前厂商已发布升级了Netty 环境问题漏洞的补丁，Netty 环境问题漏洞的补丁获取链接：

https://github.com/netty/netty/issues/9571

参考网址

来源:MLIST

链接：https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0164
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0161
来源:MLIST

链接：https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2019:3892
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0160
来源:MLIST

链接：https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0445
来源:MLIST

链接：https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E
来源:github.com

链接：https://github.com/netty/netty/issues/9571
来源:github.com

链接：https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final
来源:MLIST

链接：https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
来源:UBUNTU

链接：https://usn.ubuntu.com/4532-1/
来源:MLIST

链接：https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E
来源:DEBIAN

链接：https://www.debian.org/security/2020/dsa-4597
来源:MLIST

链接：https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2019:3901
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2020/Jan/6
来源:MLIST

链接：https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:MLIST

链接：https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html
来源:MLIST

链接：https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html
来源:MLIST

链接：https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0159
来源:MLIST

链接：https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2019:3892
来源:www.debian.org

链接：https://www.debian.org/security/2020/dsa-4597
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0445
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1109787
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1109781
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1108515
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1109775
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0164
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0161
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0160
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0159
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2019:3901
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155382/Red-Hat-Security-Advisory-2019-3901-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157214/Red-Hat-Security-Advisory-2020-1445-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-16869/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-operations-analytics-predictive-insights-cve-2019-16869/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4586/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4332/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2019-16869/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3675/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2619/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156852/Red-Hat-Security-Advisory-2020-0922-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155845/Debian-Security-Advisory-4597-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1882/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1335/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3655/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158651/Red-Hat-Security-Advisory-2020-3197-01.html
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-16869
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Netty-information-disclosure-via-HTTP-Request-Smuggling-30480
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156241/Red-Hat-Security-Advisory-2020-0445-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0216/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0045/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0450/
来源:http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16

链接：http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2379/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0583/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4370/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155352/Red-Hat-Security-Advisory-2019-3892-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156011/Red-Hat-Security-Advisory-2020-0159-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1858/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1030/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3055/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159269/Ubuntu-Security-Notice-USN-4532-1.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-the-ibm-performance-management-product-cve-2019-16869/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157835/Red-Hat-Security-Advisory-2020-2321-01.html

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201909-1264