7.5

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NettyNetty Version <= 3.9.7
NettyNetty Version3.10.0
NettyNetty Version3.10.1
NettyNetty Version3.10.2
NettyNetty Version4.0.0
NettyNetty Version4.0.1
NettyNetty Version4.0.2
NettyNetty Version4.0.3
NettyNetty Version4.0.4
NettyNetty Version4.0.5
NettyNetty Version4.0.6
NettyNetty Version4.0.7
NettyNetty Version4.0.8
NettyNetty Version4.0.9
NettyNetty Version4.0.10
NettyNetty Version4.0.11
NettyNetty Version4.0.12
NettyNetty Version4.0.13
NettyNetty Version4.0.14
NettyNetty Version4.0.15
NettyNetty Version4.0.16
NettyNetty Version4.0.17
NettyNetty Version4.0.18
NettyNetty Version4.0.19
NettyNetty Version4.0.20
NettyNetty Version4.0.21
NettyNetty Version4.0.22
NettyNetty Version4.0.23
NettyNetty Version4.0.24
NettyNetty Version4.0.25
NettyNetty Version4.0.26
NettyNetty Version4.0.27
NettyNetty Version4.1.0 Updatebeta1
NettyNetty Version4.1.0 Updatebeta2
NettyNetty Version4.1.0 Updatebeta3
NettyNetty Version4.1.0 Updatebeta4
LightbendPlay Framework Version2.0 Updaterc3
LightbendPlay Framework Version2.0 Updaterc4
LightbendPlay Framework Version2.0 Updaterc5
LightbendPlay Framework Version2.0.2
LightbendPlay Framework Version2.0.2 Updaterc1
LightbendPlay Framework Version2.0.2 Updaterc2
LightbendPlay Framework Version2.0.3
LightbendPlay Framework Version2.0.3 Updaterc1
LightbendPlay Framework Version2.0.3 Updaterc2
LightbendPlay Framework Version2.0.4
LightbendPlay Framework Version2.0.4 Updaterc1
LightbendPlay Framework Version2.0.4 Updaterc2
LightbendPlay Framework Version2.0.5
LightbendPlay Framework Version2.0.5 Updaterc1
LightbendPlay Framework Version2.0.5 Updaterc2
LightbendPlay Framework Version2.0.6
LightbendPlay Framework Version2.0.7
LightbendPlay Framework Version2.0.8
LightbendPlay Framework Version2.1.0
LightbendPlay Framework Version2.1.1
LightbendPlay Framework Version2.1.1 Updaterc1
LightbendPlay Framework Version2.2.0
LightbendPlay Framework Version2.2.1
LightbendPlay Framework Version2.2.2
LightbendPlay Framework Version2.2.6
LightbendPlay Framework Version2.3.0
LightbendPlay Framework Version2.3.0 Updaterc1
LightbendPlay Framework Version2.3.0 Updaterc2
LightbendPlay Framework Version2.3.1
LightbendPlay Framework Version2.3.2
LightbendPlay Framework Version2.3.2 Updaterc1
LightbendPlay Framework Version2.3.2 Updaterc2
LightbendPlay Framework Version2.3.3
LightbendPlay Framework Version2.3.4
LightbendPlay Framework Version2.3.5
LightbendPlay Framework Version2.3.6
LightbendPlay Framework Version2.3.7
LightbendPlay Framework Version2.3.8
PlayframeworkPlay Framework Version2.0
PlayframeworkPlay Framework Version2.0 Updatebeta
PlayframeworkPlay Framework Version2.0 Updaterc1
PlayframeworkPlay Framework Version2.0 Updaterc2
PlayframeworkPlay Framework Version2.0.1
PlayframeworkPlay Framework Version2.1.1 Update2.9.x-backport
PlayframeworkPlay Framework Version2.1.1 Updaterc1-2.9.x-backport
PlayframeworkPlay Framework Version2.1.1 Updaterc2
PlayframeworkPlay Framework Version2.1.2
PlayframeworkPlay Framework Version2.1.2 Updaterc1
PlayframeworkPlay Framework Version2.1.2 Updaterc2
PlayframeworkPlay Framework Version2.1.3
PlayframeworkPlay Framework Version2.1.3 Updaterc1
PlayframeworkPlay Framework Version2.1.3 Updaterc2
PlayframeworkPlay Framework Version2.1.4
PlayframeworkPlay Framework Version2.1.4 Updaterc1
PlayframeworkPlay Framework Version2.1.4 Updaterc2
PlayframeworkPlay Framework Version2.1.5
PlayframeworkPlay Framework Version2.1.6
PlayframeworkPlay Framework Version2.1.6 Updaterc1
PlayframeworkPlay Framework Version2.2.0 Updatem1
PlayframeworkPlay Framework Version2.2.0 Updatem2
PlayframeworkPlay Framework Version2.2.0 Updatem3
PlayframeworkPlay Framework Version2.2.0 Updaterc1
PlayframeworkPlay Framework Version2.2.0 Updaterc2
PlayframeworkPlay Framework Version2.2.1 Updaterc1
PlayframeworkPlay Framework Version2.2.2 Updaterc1
PlayframeworkPlay Framework Version2.2.2 Updaterc2
PlayframeworkPlay Framework Version2.2.2 Updaterc3
PlayframeworkPlay Framework Version2.2.2 Updaterc4
PlayframeworkPlay Framework Version2.2.3
PlayframeworkPlay Framework Version2.2.3 Updaterc1
PlayframeworkPlay Framework Version2.2.3 Updaterc2
PlayframeworkPlay Framework Version2.2.4
PlayframeworkPlay Framework Version2.2.5
PlayframeworkPlay Framework Version2.3 Updatem1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.616
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/74704
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1222923
Third Party Advisory
Issue Tracking