CVE-2021-21409
Possible request smuggling in HTTP/2 due missing validation of content-length
Em resumo
O Netty não valida corretamente o header content-length em requisições HTTP/2 específicas, permitindo que um atacante contrabandear requisições maliciosas através de proxies. Isso pode resultar em interceptação, envenenamento de cache ou execução de ações não autorizadas.
Detalhe técnico
CVE-2021-21409 é uma vulnerabilidade de contrabando de requisições HTTP no codec HTTP/2 do Netty, onde a validação de content-length é contornada quando um único Http2HeaderFrame possui endStream=true. O problema ocorre durante a tradução HTTP/2 para HTTP/1.1 em proxies, permitindo injeção de requisições que são interpretadas diferentemente por sistemas upstream e downstream.
Resumo gerado e traduzido por IA a partir da descrição oficial.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
netty · nettyQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpjhttps://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3Ehttps://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E