/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2015-2156

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-2156

Severity

7.5

High

CVSS CVSS_V3

Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

References

Affected packages


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing