Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
3.6.0
-
None
Description
-> HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.. Impacted Image File(s): /root/james-server-cassandra-guice.lib/netty-3.10.6.Final.jar
-> HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold.". Impacted Image File(s): /root/james-server-cassandra-guice.lib/netty-3.10.6.Final.jar
-> JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.. Impacted Image File(s): /root/james-server-cassandra-guice.lib/jgroups-3.6.13.Final.jar