ID

VAR-202103-1554


CVE

CVE-2021-21409


TITLE

Netty Environmental problem loophole

Trust: 0.6

sources: CNNVD: CNNVD-202103-1685

DESCRIPTION

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6 security update Advisory ID: RHSA-2021:2692-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:2692 Issue date: 2021-07-13 CVE Names: CVE-2021-3536 CVE-2021-21409 ===================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty: Request smuggling via content-length header (CVE-2021-21409) * wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-20264 - [GSS](7.3.z) ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation JBEAP-20503 - [GSS](7.3.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API JBEAP-20623 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001 JBEAP-21178 - Tracker bug for the EAP 7.3.8 release for RHEL-6 JBEAP-21406 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.30.Final-redhat-00001 to 1.4.33.Final-redhat-00001 JBEAP-21421 - (7.3.z) Upgrade Infinispan from 9.4.22.Final-redhat-00001 to 9.4.23.Final-redhat-00001 JBEAP-21434 - (7.3.z) Upgrade wildfly-http-client from 1.0.26.Final-redhat-00001 to 1.0.28.Final-redhat-00001 JBEAP-21435 - (7.3.z) Upgrade Elytron from 1.10.12.Final-redhat-00001 to 1.10.13.Final-redhat-00001 JBEAP-21437 - (7.3.z) Upgrade netty from 4.1.60.Final to 4.1.63 JBEAP-21441 - (7.3.z) Upgrade Undertow from 2.0.35.SP1-redhat-00001 to 2.0.38.SP1-redhat-00001 JBEAP-21443 - (7.3.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001 JBEAP-21444 - (7.3.z) Upgrade wf-core from 10.1.20.Final-redhat-00001 to 10.1.21.Final-redhat-00001 JBEAP-21567 - [GSS](7.3.z) Upgrade HAL from 3.2.14.Final-redhat-00001 to 3.2.15.Final-redhat-00001 JBEAP-21582 - (7.3.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001 JBEAP-21739 - (7.3.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.6.3.Final-redhat-00001 JBEAP-21977 - [SET](7.3.z) Update product CP branch github template 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server: Source: eap7-elytron-web-1.6.3-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.23-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jberet-1.3.8-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el6eap.src.rpm eap7-netty-4.1.63-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.38-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.8-1.GA_redhat_00001.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.28-1.Final_redhat_00001.1.el6eap.src.rpm noarch: eap7-hal-console-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.20-3.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.20-3.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.20-3.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.20-3.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.33-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jberet-1.3.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jberet-core-1.3.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-7.Final_redhat_00008.1.el6eap.noarch.rpm eap7-netty-4.1.63-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.63-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.38-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.8-1.GA_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.28-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.28-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.28-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.28-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.8-1.GA_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.8-1.GA_redhat_00001.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2021-3536 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYO2QgNzjgjWX9erEAQgphBAAp7ZyTc68wBYysk4oE3fO4lT0ne2ubruh l4yAz6VgLS7xbckXxmtU27urR9HE6vijKZYz4qoUzB1IzacWDhaR6hvuuhpk7Hu6 GLJ0+YPOSxjWTJgx+YD5mTOxQCmRKtxg4oUzO1fA1KZYqeuAMfNPzBfrVReDE7Oi +eGiRINZawWjns/5KkdtulV+/77VhhGBf0CsOlK23mqX86C9BW4OBuFqBOTbWByL +pw4jSjpRDdxxT+tl8ffmkBxHDSc/MSw5HwpyDEfkeXJ/I0wYglCW7pDU6kgOVni DUIvXaF24KP51et14QNACUHmXTT6kYZ8knXqV7f99zYeCPRp3OVgp+f06uisSEP1 WJY28KHnqv5fB//GWoJII3nA4GwbZDXtFClxkgl4ENW1b6irsSXW15VAARm/IWS2 7nAZlg0PYtA1ONZ5zYyzUMlOZnRP7HNSORpOAn/N/N9xk4Pc3nxsx99B1UZs4Rad zY5yhLHoFg8GGWOjmDpO2/UTy5CM8EwhlxFuH+mW7HrxZpwQ3ReNC6/+Q+N5t3QT XQNG4ZLs3Y4k8ElUZTPU5gXo79Xy+gHRlyvj59V8qMV5Lyw/hLv30ZVbhHkNdu1J L6GY47/wRLpwt2AG322w9KmHUjPTsseF68SO2tmZUsC6xfdBcqK0P1TB7jEBwuiZ sXUR7+Da0Mg= =Xv5P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 6. For the stable distribution (buster), these problems have been fixed in version 1:4.1.33-1+deb10u2. We recommend that you upgrade your netty packages. For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBrXn0ACgkQEMKTtsN8 TjYiIQ/+M3dHpXdXRxZlx12OSJNsJoZa52/7uKhM9Vg0HhdCYnq7RjXTI2zZmUu7 VbL/F1ixPFgHWZpFIwHPTxZ4qk5+qQKYj7JyU1g+NyL9MkVsAW7ccYj3gbp3Kgk6 bE2GEwfh0qSKDgolflLCudGsqF1J54T65kO5oQ+Gtbx/8+NJ0YrVrHsmG1O4IMHQ 6oK/znY6CmQtUSY1p8DCNTWp63hZYpGzg9Umv/y9TaYm3QeG1BNz3tQz8uaGZQWq LihkaTSpJoo7ezNUFYinaRECylpEf7MHgK+uYkJ0MZrZ+2wyMC6V0BATVwF2Aj7X VMrRBJTSf20z5u/k0m+y9k8cR8CcR3sWVo/7mpRJAIsvnyMQwKBmxjHSlVfzOqYK 91NB7OSi/ZDKOOsdQ5oW337FPQolCXl2DOe2UW9Z1K9XFs11VplsFxMkrzZtiwba dXhq6odVZwQfzjiWGj0yFftfJSAAs9B0I1L1EqW2QR7sN25YA1OosYsc5iYvUXD7 mhjU1RtqsXK3jI9TjGmXos+6Yj36iPncNwXBL4AKKPapV5qm6mHQkXTowW1NM5vu 8NokTjKtuixgb08CAQHNe202TpQ9kGHNTe2FDKRNFQrlTaoxt2DlmHbDiLn6i1Ue k4HImGqrUw9venxQ/vPZjTW6UaTbz0D9BPQcb9ApBOAgydEjJqE= =6i6I -----END PGP SIGNATURE-----

Trust: 1.71

sources: NVD: CVE-2021-21409 // VULHUB: VHN-379190 // VULMON: CVE-2021-21409 // PACKETSTORM: 163485 // PACKETSTORM: 163489 // PACKETSTORM: 163423 // PACKETSTORM: 165286 // PACKETSTORM: 164276 // PACKETSTORM: 164275 // PACKETSTORM: 169055

AFFECTED PRODUCTS

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:oraclemodel:nosql databasescope:ltversion:21.1.12

Trust: 1.0

vendor:netappmodel:oncommand api servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:eqversion:12.0.0.3

Trust: 1.0

vendor:oraclemodel:communications messaging serverscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.5.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.3.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.10

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:quarkusmodel:quarkusscope:lteversion:1.13.7

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.2.0

Trust: 1.0

vendor:oraclemodel:helidonscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:banking trade finance process managementscope:eqversion:14.5.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.11

Trust: 1.0

vendor:oraclemodel:banking trade finance process managementscope:eqversion:14.2.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:ltversion:9.2.6.3

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.3.0

Trust: 1.0

vendor:oraclemodel:helidonscope:eqversion:1.4.10

Trust: 1.0

vendor:oraclemodel:communications design studioscope:eqversion:7.4.2.0.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.5.0

Trust: 1.0

vendor:nettymodel:nettyscope:ltversion:4.1.61

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.2.0

Trust: 1.0

vendor:oraclemodel:banking trade finance process managementscope:eqversion:14.3.0

Trust: 1.0

sources: NVD: CVE-2021-21409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21409
value: MEDIUM

Trust: 1.0

security-advisories@github.com: CVE-2021-21409
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-1685
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379190
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21409
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-379190
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21409
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-379190 // VULMON: CVE-2021-21409 // CNNVD: CNNVD-202103-1685 // NVD: CVE-2021-21409 // NVD: CVE-2021-21409

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.1

sources: VULHUB: VHN-379190 // NVD: CVE-2021-21409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1685

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-1685

PATCH

title:Netty Remediation measures for environmental problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146083

Trust: 0.6

title:Debian CVElist Bug Report Logs: netty: CVE-2021-21409url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=23e6ecb2c9e3ae264a6a904e00c922b4

Trust: 0.1

title:Red Hat: CVE-2021-21409url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-21409

Trust: 0.1

title:Debian Security Advisories: DSA-4885-1 netty -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b857eb63eda3549d92d4cef6b191afe6

Trust: 0.1

title:Red Hat: Moderate: Satellite 6.11 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225498 - Security Advisory

Trust: 0.1

title:CVE-2021-21409url:https://github.com/AlAIAL90/CVE-2021-21409

Trust: 0.1

title:test.mdurl:https://github.com/AwesomeAlpha/test.md

Trust: 0.1

sources: VULMON: CVE-2021-21409 // CNNVD: CNNVD-202103-1685

EXTERNAL IDS

db:NVDid:CVE-2021-21409

Trust: 2.5

db:PACKETSTORMid:163489

Trust: 0.8

db:PACKETSTORMid:163423

Trust: 0.8

db:PACKETSTORMid:167709

Trust: 0.7

db:PACKETSTORMid:162490

Trust: 0.7

db:PACKETSTORMid:163517

Trust: 0.7

db:PACKETSTORMid:162839

Trust: 0.7

db:CNNVDid:CNNVD-202103-1685

Trust: 0.7

db:AUSCERTid:ESB-2022.0872

Trust: 0.6

db:AUSCERTid:ESB-2021.2572

Trust: 0.6

db:AUSCERTid:ESB-2022.0887

Trust: 0.6

db:AUSCERTid:ESB-2021.4253

Trust: 0.6

db:AUSCERTid:ESB-2021.3256

Trust: 0.6

db:AUSCERTid:ESB-2022.3282

Trust: 0.6

db:AUSCERTid:ESB-2021.2357

Trust: 0.6

db:AUSCERTid:ESB-2021.2363

Trust: 0.6

db:AUSCERTid:ESB-2021.2323

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:AUSCERTid:ESB-2021.1821

Trust: 0.6

db:AUSCERTid:ESB-2021.1144

Trust: 0.6

db:AUSCERTid:ESB-2021.2896

Trust: 0.6

db:AUSCERTid:ESB-2021.3495

Trust: 0.6

db:AUSCERTid:ESB-2021.3208

Trust: 0.6

db:AUSCERTid:ESB-2021.2416

Trust: 0.6

db:AUSCERTid:ESB-2021.1571

Trust: 0.6

db:PACKETSTORMid:163922

Trust: 0.6

db:PACKETSTORMid:164279

Trust: 0.6

db:PACKETSTORMid:164346

Trust: 0.6

db:PACKETSTORMid:163713

Trust: 0.6

db:PACKETSTORMid:164566

Trust: 0.6

db:CS-HELPid:SB2021081922

Trust: 0.6

db:CS-HELPid:SB2021071513

Trust: 0.6

db:CS-HELPid:SB2021072145

Trust: 0.6

db:CS-HELPid:SB2022042257

Trust: 0.6

db:CS-HELPid:SB2021093016

Trust: 0.6

db:CS-HELPid:SB2021050706

Trust: 0.6

db:CS-HELPid:SB2022030322

Trust: 0.6

db:CS-HELPid:SB2022012740

Trust: 0.6

db:CS-HELPid:SB2021061815

Trust: 0.6

db:CS-HELPid:SB2022012306

Trust: 0.6

db:CS-HELPid:SB2021071219

Trust: 0.6

db:PACKETSTORMid:163485

Trust: 0.2

db:PACKETSTORMid:163483

Trust: 0.1

db:PACKETSTORMid:163477

Trust: 0.1

db:PACKETSTORMid:163480

Trust: 0.1

db:VULHUBid:VHN-379190

Trust: 0.1

db:VULMONid:CVE-2021-21409

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

db:PACKETSTORMid:164276

Trust: 0.1

db:PACKETSTORMid:164275

Trust: 0.1

db:PACKETSTORMid:169055

Trust: 0.1

sources: VULHUB: VHN-379190 // VULMON: CVE-2021-21409 // PACKETSTORM: 163485 // PACKETSTORM: 163489 // PACKETSTORM: 163423 // PACKETSTORM: 165286 // PACKETSTORM: 164276 // PACKETSTORM: 164275 // PACKETSTORM: 169055 // CNNVD: CNNVD-202103-1685 // NVD: CVE-2021-21409

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://github.com/netty/netty/security/advisories/ghsa-f256-j965-7f32

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20210604-0003/

Trust: 1.8

url:https://www.debian.org/security/2021/dsa-4885

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-21295

Trust: 1.8

url:https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432

Trust: 1.8

url:https://github.com/netty/netty/security/advisories/ghsa-wm47-8v5p-wjpj

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-21409

Trust: 1.2

url:https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3cissues.kudu.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3cdev.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3cdev.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3cissues.kudu.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3cissues.kudu.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3cdev.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3cissues.kudu.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3cissues.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3cdev.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3cissues.kudu.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3cdev.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3cissues.flink.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3cjira.kafka.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3cissues.kudu.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3cissues.kudu.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3cissues.kudu.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3cissues.kudu.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3cissues.kudu.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3ccommits.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3ccommits.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3ccommits.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3ccommits.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3ccommits.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3cdev.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3cdev.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3cdev.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3cissues.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2416

Trust: 0.6

url:https://packetstormsecurity.com/files/163517/red-hat-security-advisory-2021-2755-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072145

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1571

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3282

Trust: 0.6

url:https://vigilance.fr/vulnerability/netty-information-disclosure-via-http2headerframe-request-smuggling-35007

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030322

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050706

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tier-cve-2021-21409/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6518930

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2021-21290-cve-2021-21295-cve-2021/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0872

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042257

Trust: 0.6

url:https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163713/red-hat-security-advisory-2021-2965-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021093016

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2021-21409/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2357

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4253

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012306

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1144

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071513

Trust: 0.6

url:https://packetstormsecurity.com/files/164566/red-hat-security-advisory-2021-3880-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012740

Trust: 0.6

url:https://packetstormsecurity.com/files/163489/red-hat-security-advisory-2021-2694-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3208

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1821

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3495

Trust: 0.6

url:https://packetstormsecurity.com/files/167709/red-hat-security-advisory-2022-5498-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2323

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3256

Trust: 0.6

url:https://packetstormsecurity.com/files/163922/red-hat-security-advisory-2021-3225-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164279/red-hat-security-advisory-2021-3660-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163423/red-hat-security-advisory-2021-2465-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081922

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061815

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6528214

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2572

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2896

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071219

Trust: 0.6

url:https://packetstormsecurity.com/files/162839/red-hat-security-advisory-2021-2139-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162490/red-hat-security-advisory-2021-1511-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0887

Trust: 0.6

url:https://issues.jboss.org/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3536

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3536

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-29425

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-29425

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-21295

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3644

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3597

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3597

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21295

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13936

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13936

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3642

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-28170

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28170

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/444.html

Trust: 0.1

url:https://github.com/alaial90/cve-2021-21409

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986217

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2692

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2694

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.eclipse.vertx&version=4.1.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2465

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3658

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3656

Trust: 0.1

url:https://security-tracker.debian.org/tracker/netty

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7238

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20444

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.1

sources: VULHUB: VHN-379190 // VULMON: CVE-2021-21409 // PACKETSTORM: 163485 // PACKETSTORM: 163489 // PACKETSTORM: 163423 // PACKETSTORM: 165286 // PACKETSTORM: 164276 // PACKETSTORM: 164275 // PACKETSTORM: 169055 // CNNVD: CNNVD-202103-1685 // NVD: CVE-2021-21409

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 163485 // PACKETSTORM: 163489 // PACKETSTORM: 163423 // PACKETSTORM: 165286 // PACKETSTORM: 164276 // PACKETSTORM: 164275 // CNNVD: CNNVD-202103-1685

SOURCES

db:VULHUBid:VHN-379190
db:VULMONid:CVE-2021-21409
db:PACKETSTORMid:163485
db:PACKETSTORMid:163489
db:PACKETSTORMid:163423
db:PACKETSTORMid:165286
db:PACKETSTORMid:164276
db:PACKETSTORMid:164275
db:PACKETSTORMid:169055
db:CNNVDid:CNNVD-202103-1685
db:NVDid:CVE-2021-21409

LAST UPDATE DATE

2024-11-19T19:57:27.728000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-379190date:2022-05-12T00:00:00
db:VULMONid:CVE-2021-21409date:2022-05-12T00:00:00
db:CNNVDid:CNNVD-202103-1685date:2022-07-07T00:00:00
db:NVDid:CVE-2021-21409date:2023-11-07T03:30:00.920

SOURCES RELEASE DATE

db:VULHUBid:VHN-379190date:2021-03-30T00:00:00
db:VULMONid:CVE-2021-21409date:2021-03-30T00:00:00
db:PACKETSTORMid:163485date:2021-07-13T15:26:05
db:PACKETSTORMid:163489date:2021-07-13T15:38:58
db:PACKETSTORMid:163423date:2021-07-07T16:04:35
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:164276date:2021-09-24T15:39:43
db:PACKETSTORMid:164275date:2021-09-24T15:39:14
db:PACKETSTORMid:169055date:2021-04-28T19:12:00
db:CNNVDid:CNNVD-202103-1685date:2021-03-30T00:00:00
db:NVDid:CVE-2021-21409date:2021-03-30T15:15:14.573