CGA-jgfj-c76v-j599

Published

Last updated

https://images.chainguard.dev/security/CGA-jgfj-c76v-j599

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2015-2156
GHSA-xfv3-rrfm-f2rv

Severity

Unknown

Summary

Information Exposure in Netty

Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

References

https://nvd.nist.gov/vuln/detail/CVE-2015-2156
https://github.com/advisories/GHSA-xfv3-rrfm-f2rv
https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9
https://github.com/netty/netty/pull/3754
https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55
https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752
https://bugzilla.redhat.com/show_bug.cgi?id=1222923
https://github.com/netty/netty
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571
https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html
http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
http://www.openwall.com/lists/oss-security/2015/05/17/1
http://www.securityfocus.com/bid/74704

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-jgfj-c76v-j599

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources