{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", "refsource": "CONFIRM", "url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html" }, { "name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", "refsource": "MISC", "url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass" }, { "name": "FEDORA-2015-8713", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923" }, { "name": "https://github.com/netty/netty/pull/3754", "refsource": "CONFIRM", "url": "https://github.com/netty/netty/pull/3754" }, { "name": "FEDORA-2015-8684", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html" }, { "name": "74704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74704" }, { "name": "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/05/17/1" }, { "refsource": "MLIST", "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" }, { "refsource": "MLIST", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", "url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E" }, { "refsource": "MLIST", "name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", "url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E" }, { "refsource": "MLIST", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" } ] } }