Vulnerability
CVE-2019-20445
[CVE-2019-20445] CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Description
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those
defined at NVD or other reporting sources; sign in for details.
Sign up and see:
Detailed deviation notices:
- Detailed deviations
- References
- Custom Descriptions [Coming Soon]