Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-7238 - Vulnerability Database

Jboss EAP

Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-7238

High

Reference: CVE-2020-7238

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-7238

Title: Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability

Overview:

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a spaceTransfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.