WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.
http://netty.io/news/2014/04/30/release-day.html
http://rhn.redhat.com/errata/RHSA-2014-1019.html
http://rhn.redhat.com/errata/RHSA-2014-1020.html
http://rhn.redhat.com/errata/RHSA-2014-1021.html
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://secunia.com/advisories/58280
http://secunia.com/advisories/59290
http://www.securityfocus.com/bid/67182
https://github.com/netty/netty/issues/2441
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
133814 | Debian DLA-2110-1 : netty-3.9 security update | Nessus | Debian Local Security Checks | medium |
77079 | RHEL 6 : JBoss EAP (RHSA-2014:1020) | Nessus | Red Hat Local Security Checks | medium |
77078 | RHEL 5 : JBoss EAP (RHSA-2014:1019) | Nessus | Red Hat Local Security Checks | medium |