Oracle Communications Instant Messaging Server 8.1

CPE Details

Oracle Communications Instant Messaging Server 8.1
8.1
2022-04-20 15h16 +00:00
2022-05-02 12h57 +00:00

CPE Name: cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*

Information

Vendor

oracle

Product

communications_instant_messaging_server

Version

8.1

Related CVE

CVE ID: CVE-2021-43797
Published: 2021-12-08 23h00 +00:00
Description: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
Score: 6.5
Severity: Medium

CVE ID: CVE-2021-37136
Published: 2021-10-18 22h00 +00:00
Description: The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.
Score: 7.5
Severity: High