Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-2156

Опубликовано: 18 окт. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 4.3
EPSS Низкий

Описание

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Версия до 3.9.7 (включая)
cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03271
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2015-2156

CVSS3: 7.5
ubuntu
больше 8 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

redhat логотип

CVE-2015-2156

redhat
больше 10 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

debian логотип

CVE-2015-2156

CVSS3: 7.5
debian
больше 8 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0 ...

github логотип

GHSA-xfv3-rrfm-f2rv

CVSS3: 7.5
github
больше 5 лет назад

Information Exposure in Netty

EPSS

Процентиль: 87%
0.03271
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20