OR
     *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy

OR
     *cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_network

https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html No Types Assigned

https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html Mailing List, Third Party Advisory

https://www.debian.org/security/2023/dsa-5316 No Types Assigned

https://www.debian.org/security/2023/dsa-5316 Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned

https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory

https://www.debian.org/security/2023/dsa-5316 [No Types Assigned]

https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html [No Types Assigned]

https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]

OR
     *cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy

https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned

https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote syste

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote syste

OR
     *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.3

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

https://security.netapp.com/advisory/ntap-20220107-0003/ No Types Assigned

https://security.netapp.com/advisory/ntap-20220107-0003/ Third Party Advisory

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.7.1.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote syst

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote syste

https://security.netapp.com/advisory/ntap-20220107-0003/ [No Types Assigned]

OR
     *cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.71

NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Victim must voluntarily interact with attack mechanism

NIST CWE-444

https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 No Types Assigned

https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 Patch, Third Party Advisory

https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq No Types Assigned

https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq Third Party Advisory