Description
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | netty | Not affected | ||
| Red Hat JBoss BRMS 5 | netty | Will not fix | ||
| Red Hat JBoss BRMS 6 | netty | Affected | ||
| Red Hat JBoss Data Grid 6 | netty | Affected | ||
| Red Hat JBoss Data Virtualization 6 | netty | Affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | netty | Affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | netty | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | eds-5 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | ewp-5 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | ||
Additional information
Status:
EPSS
CVSS2: 2.6 Low