Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-2156 (GCVE-0-2015-2156)
Vulnerability from cvelistv5 – Published: 2017-10-18 15:00 – Updated: 2024-08-06 05:10
VLAI?
EPSS
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:07:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"refsource": "MISC",
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"name": "https://github.com/netty/netty/pull/3754",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2156",
"datePublished": "2017-10-18T15:00:00.000Z",
"dateReserved": "2015-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:14.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2015-2156
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-2156",
"description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"id": "GSD-2015-2156"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-2156"
],
"details": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"id": "GSD-2015-2156",
"modified": "2023-12-13T01:20:00.823437Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"refsource": "MISC",
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"name": "https://github.com/netty/netty/pull/3754",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,4.0.2.7]",
"affected_versions": "All versions up to 4.0.2.7",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2021-09-22",
"description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"fixed_versions": [
"4.0.2.8"
],
"identifier": "CVE-2015-2156",
"identifiers": [
"GHSA-xfv3-rrfm-f2rv",
"CVE-2015-2156"
],
"not_impacted": "All versions after 4.0.2.7",
"package_slug": "maven/io.netty/netty-handler",
"pubdate": "2020-06-30",
"solution": "Upgrade to version 4.0.2.8 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2156",
"https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9",
"https://github.com/netty/netty/pull/3754",
"https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55",
"https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752",
"https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",
"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
"https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571",
"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"http://www.openwall.com/lists/oss-security/2015/05/17/1",
"http://www.securityfocus.com/bid/74704",
"https://github.com/advisories/GHSA-xfv3-rrfm-f2rv"
],
"uuid": "a83db962-09d1-44dc-b11d-d508412a16c0"
},
{
"affected_range": "[4.0.0,4.0.28.Final)",
"affected_versions": "All versions starting from 4.0.0 before 4.0.28.final",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-08-16",
"description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"fixed_versions": [
"4.0.28.Final"
],
"identifier": "CVE-2015-2156",
"identifiers": [
"GHSA-xfv3-rrfm-f2rv",
"CVE-2015-2156"
],
"not_impacted": "All versions before 4.0.0, all versions starting from 4.0.28.final",
"package_slug": "maven/io.netty/netty-parent",
"pubdate": "2020-06-30",
"solution": "Upgrade to version 4.0.28.Final or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2156",
"https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9",
"https://github.com/netty/netty/pull/3754",
"https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55",
"https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752",
"https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",
"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
"https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571",
"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"http://www.openwall.com/lists/oss-security/2015/05/17/1",
"http://www.securityfocus.com/bid/74704",
"https://github.com/advisories/GHSA-xfv3-rrfm-f2rv"
],
"uuid": "4f42e73d-e1c8-4d7d-b7ff-1ad4419f4f84"
},
{
"affected_range": "(,3.9.8.Final),[3.10.0,3.10.3.Final)",
"affected_versions": "All versions before 3.9.8.final, all versions starting from 3.10.0 before 3.10.3.final",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-08-16",
"description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"fixed_versions": [
"3.9.8.Final",
"3.10.3.Final"
],
"identifier": "CVE-2015-2156",
"identifiers": [
"GHSA-xfv3-rrfm-f2rv",
"CVE-2015-2156"
],
"not_impacted": "All versions starting from 3.9.8.final before 3.10.0, all versions starting from 3.10.3.final",
"package_slug": "maven/io.netty/netty",
"pubdate": "2020-06-30",
"solution": "Upgrade to versions 3.9.8.Final, 3.10.3.Final or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2156",
"https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9",
"https://github.com/netty/netty/pull/3754",
"https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55",
"https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752",
"https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",
"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
"https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571",
"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"http://www.openwall.com/lists/oss-security/2015/05/17/1",
"http://www.securityfocus.com/bid/74704",
"https://github.com/advisories/GHSA-xfv3-rrfm-f2rv"
],
"uuid": "664a5372-5551-42d7-b09e-f35797107628"
},
{
"affected_range": "(,3.9.8.Final),[3.10.0,3.10.3.Final)",
"affected_versions": "All versions before 3.9.8.final, all versions starting from 3.10.0 before 3.10.3.final",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-08-16",
"description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"fixed_versions": [
"3.9.8.Final",
"3.10.3.Final"
],
"identifier": "CVE-2015-2156",
"identifiers": [
"GHSA-xfv3-rrfm-f2rv",
"CVE-2015-2156"
],
"not_impacted": "All versions starting from 3.9.8.final before 3.10.0, all versions starting from 3.10.3.final",
"package_slug": "maven/org.jboss.netty/netty",
"pubdate": "2020-06-30",
"solution": "Upgrade to versions 3.9.8.Final, 3.10.3.Final or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2156",
"https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9",
"https://github.com/netty/netty/pull/3754",
"https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55",
"https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752",
"https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",
"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E",
"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
"https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571",
"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"http://www.openwall.com/lists/oss-security/2015/05/17/1",
"http://www.securityfocus.com/bid/74704",
"https://github.com/advisories/GHSA-xfv3-rrfm-f2rv"
],
"uuid": "ff528a2a-24fd-4237-bd0b-6805082cff00"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2156"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "https://github.com/netty/netty/pull/3754",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"name": "74704",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"name": "FEDORA-2015-8684",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "FEDORA-2015-8713",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-11-25T16:25Z",
"publishedDate": "2017-10-18T15:29Z"
}
}
}
GHSA-XFV3-RRFM-F2RV
Vulnerability from github – Published: 2020-06-30 21:01 – Updated: 2021-09-22 18:45
VLAI?
Summary
Information Exposure in Netty
Details
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-parent"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.28.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.8.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.3.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "3.10.0"
},
{
"fixed": "3.10.3.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.8.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-2156"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-30T20:59:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
"id": "GHSA-xfv3-rrfm-f2rv",
"modified": "2021-09-22T18:45:29Z",
"published": "2020-06-30T21:01:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2156"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/pull/3754"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-IONETTY-73571"
},
{
"type": "WEB",
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"type": "WEB",
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74704"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Information Exposure in Netty"
}
CERTFR-2025-AVI-0021
Vulnerability from certfr_avis - Published: 2025-01-10 - Updated: 2025-01-10
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.14 | ||
| IBM | Spectrum | Spectrum Control versions 5.4.x antérieures à 5.4.13 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité | ||
| IBM | QRadar | QRadar Analyst Workflow versions antérieures à 2.34.0 | ||
| IBM | Db2 | Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-52471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2015-2156",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-26614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
},
{
"name": "CVE-2022-25869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
},
{
"name": "CVE-2024-9355",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
},
{
"name": "CVE-2023-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
},
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
},
{
"name": "CVE-2024-26638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"name": "CVE-2021-46939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2021-32036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-26665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2021-32040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2023-26117",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2014-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2019-14863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
},
{
"name": "CVE-2023-52683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2023-52451",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-40998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2020-7676",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2023-52730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2021-47321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
},
{
"name": "CVE-2024-26640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2019-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2023-52476",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"initial_release_date": "2025-01-10T00:00:00",
"last_revision_date": "2025-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0021",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
"url": "https://www.ibm.com/support/pages/node/7180462"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"published_at": "2025-01-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
"url": "https://www.ibm.com/support/pages/node/7180282"
},
{
"published_at": "2025-01-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
"url": "https://www.ibm.com/support/pages/node/7180314"
},
{
"published_at": "2025-01-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
"url": "https://www.ibm.com/support/pages/node/7180450"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
"url": "https://www.ibm.com/support/pages/node/7180545"
}
]
}
FKIE_CVE-2015-2156
Vulnerability from fkie_nvd - Published: 2017-10-18 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5",
"versionEndIncluding": "3.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5609AE-1F05-4EDC-844F-E357BE1E02B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39F54228-AE67-4A7E-9C2F-99D3754CC8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069A7F48-DDF9-4C29-829F-63480AC8252A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1657CCDD-547C-462F-84A6-5C7897A0DE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48DEF144-095B-4A16-B1A0-540FFCB0571D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34811757-A83B-4177-B256-17C75669CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0B1676-F16F-49CB-A1D2-961236B29FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5B2C70-1CA5-4285-B85A-C01A1F0D256F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4223B041-EA1F-4EF5-9C56-93B47426D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF070FD-09A2-453C-ABB0-57806785AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A78B72B6-389E-4EE4-86D4-9C8499BAF7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "638159B5-DCB2-48F2-B98C-D02AA4B55567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD72B11-80BE-4EE8-8350-E84A4DE19A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "938E8F20-809C-41CF-90B3-16C4FA22BE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D14F96ED-9B74-446A-BDAA-37DA46BF1C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "490A338C-50BB-4292-B3E3-EBCB4D2A89F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F172E1C-0264-4241-988D-7EB38188E029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "07F517E7-0C8B-4562-ABF7-F2B5B1BA682E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C776C471-B66F-4349-B7E9-D59012B53BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D796E9-9D65-4E1B-91DA-5CBC829A4516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F64F7398-0C92-459B-809D-7BA543AEF058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "316B7A3D-69B4-4F9B-80A6-AB9858E01743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF6D60E-C9FD-4A73-ACB8-06500ADD8486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8E71050A-DFA2-41E5-9544-5DFF5453B4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0CE17333-AA06-4AD0-AFE0-B240BD22597C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "62D878A0-678F-4D36-89B6-D9957EF8FC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "11F45B0B-5D3E-48ED-A969-1EB8E9258A7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CBDD885-76D8-4A44-839F-7161A319CD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CCCCBA8E-471B-4EE7-99D1-FCF228F396E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "95760FF9-A33C-4794-9585-79F29FF8218D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49CEACD0-279B-418D-8679-22D6CD18CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4366138D-B4BC-450B-A52E-EA46CC9A2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E48B60E-F85B-4DC6-806A-94D424D4E7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7136FA34-EF5E-4F7B-8E78-85EA9B018758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E350767E-C5CD-4B3E-B70C-0D166B66F64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80DC4D2F-CCEE-4227-A76F-F9B339E298C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C4555E3D-B28A-4D7F-8322-8C93E055A41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2EFEFB-CC1C-4453-9CAC-D37063E1D851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36E51880-F5E5-47D6-BA90-B4C6E8ADE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C80F35-3B8E-4F7D-9C6B-21585F2516E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8763EA91-CF68-4142-9F0F-F16AA9CF0011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1535A9FA-42C2-40B6-96E6-CDBCE6F54076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5F034A-E343-4285-A7EB-FC60F12F73AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F351418-832C-4994-B3BF-B0F0152EE810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F03EAA0F-848C-4FCF-927E-DAFAFFA7641C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932C1D92-71AC-4520-A296-503BF0764E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3107A2-7BA5-4490-98C4-A4FC127C07CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3287C930-7E89-4FE9-9570-7D05A8727AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "81BCC634-6424-4D53-AE78-F00782F290DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9A457C-DA32-4094-9EF7-5DCBA4904CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95DE19B0-FDFD-4556-96F4-6D9470904F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89244DD5-3EA1-471F-B678-A6921D17A804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96B59DC4-58BB-424C-BEFD-DF7E43E39C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEFD24F-A241-44A7-9C2D-128F5C5F69BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D286954C-BD26-4433-84D3-D0F37B61BB4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2718B3-AE02-4C76-A17F-22B72016681A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F869944-14A6-4C7A-A096-7ABB0740B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "05A936F4-7FC3-45CD-AEBB-5DF105A5D698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EDA101-F379-4CE9-83FA-1F85A501EA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB9E2FF-60E9-4AF7-8893-688FD90C20BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "52FEDFA6-7774-4946-86D7-5A2E9E727D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22061490-43D6-4793-A150-6159A979F586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D4E1C16-BE0D-4E09-9E44-FE85A9D04568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "856EF408-705A-48B9-B806-2AA5EE52984E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*",
"matchCriteriaId": "E2E88D11-966D-4273-AE80-A8ADD93F7E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*",
"matchCriteriaId": "67A73F1E-3203-4EDE-A5FF-8225CCAEC652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23F4DA74-514C-433E-BE4F-756002431D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "344B07EE-75F3-4794-8AFB-C68E26AECBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CCCB3504-8E6E-4825-A45B-EE1D5DBED376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "085836CB-4832-4CBF-B2BB-E606C0F5261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "021F9BAB-1DAD-49EE-8F37-1E4155F8C32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EC833EB6-FEE5-4A65-96E1-02E781D11354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE38FB18-831C-4260-A70E-85FFB4048A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "28889691-9C50-4E80-8893-F4A04176D881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "87AE18E4-42C2-4827-807D-E9FAA6AA6685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB3F1A0-13DE-40F0-A368-D7967706054F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "04CE71EA-2251-4860-8343-68E89FB00507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "290E178F-F7F3-42B3-8B0F-B596F556646A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*",
"matchCriteriaId": "882AB7C8-2823-4FA7-95A7-D116421A055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*",
"matchCriteriaId": "C57FF361-2274-4F9A-AD5A-BB0626BF7D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "947EF76E-2155-4191-AD7E-26A34B733B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36149A37-5BF7-41EC-AD65-34F5DAFFC64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "407B15E5-5355-4AE0-98E1-26B7C60D77A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A72C43-6033-4E99-BF41-513E4C69E2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2E54E70F-8F06-4558-B725-045B379D6279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A8061B89-3B8D-4D38-9DA8-A52EC97CF966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D664F3EF-B07F-47BC-A9CF-6CD22CF73D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "878003F7-7BE7-473A-B0B7-1C26A9A02D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A2114F67-E72F-4559-8921-7567F0985ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C991464B-52D4-4F70-91CE-E5FFDFCC6DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDCCE92-D85D-453B-B13B-52FC888F340A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*",
"matchCriteriaId": "8CEE3098-76E1-4734-9292-09EE7FB13044",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
},
{
"lang": "es",
"value": "Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podr\u00eda permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan informaci\u00f3n sensible aprovechando la validaci\u00f3n incorrecta del nombre de la cookie y los caracteres del valor."
}
],
"id": "CVE-2015-2156",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T15:29:00.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2015-04143
Vulnerability from cnvd - Published: 2015-07-01
VLAI Severity ?
Title
Netty和Play Framework会话劫持漏洞
Description
Netty是由JBOSS提供的一个java开源框架。
Netty和Play Framework中存在会话劫持漏洞,攻击者可利用该漏洞获取受影响应用程序的未授权的访问权限。
Severity
低
Patch Name
Netty和Play Framework会话劫持漏洞的补丁
Patch Description
Netty是由JBOSS提供的一个java开源框架。Netty和Play Framework中存在会话劫持漏洞,攻击者可利用该漏洞获取受影响应用程序的未授权的访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://www.playframework.com/
Reference
http://www.securityfocus.com/bid/74704
Impacted products
| Name | ['The Netty project Netty', 'Play Framework'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "74704"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2015-2156"
}
},
"description": "Netty\u662f\u7531JBOSS\u63d0\u4f9b\u7684\u4e00\u4e2ajava\u5f00\u6e90\u6846\u67b6\u3002 \r\n\r\nNetty\u548cPlay Framework\u4e2d\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Roman Shafigullin, Luca Carettoni and Mukul Khullar from LinkedIn",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.playframework.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-04143",
"openTime": "2015-07-01",
"patchDescription": "Netty\u662f\u7531JBOSS\u63d0\u4f9b\u7684\u4e00\u4e2ajava\u5f00\u6e90\u6846\u67b6\u3002Netty\u548cPlay Framework\u4e2d\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Netty\u548cPlay Framework\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"The Netty project Netty",
"Play Framework"
]
},
"referenceLink": "http://www.securityfocus.com/bid/74704",
"serverity": "\u4f4e",
"submitTime": "2015-06-27",
"title": "Netty\u548cPlay Framework\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…