CVE-2015-2156

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-2156

CGA ID

CGA-jgfj-c76v-j599

Severity

Unknown

Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

References

https://images.chainguard.dev/security/CGA-jgfj-c76v-j599
https://github.com/advisories/GHSA-xfv3-rrfm-f2rv
http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
http://www.securityfocus.com/bid/74704
http://www.openwall.com/lists/oss-security/2015/05/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=1222923
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html
https://github.com/netty/netty/pull/3754
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
https://security-tracker.debian.org/tracker/CVE-2015-2156

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2015-2156

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources