Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-2156

Опубликовано: 18 окт. 2017
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3
CVSS3: 7.5

Описание

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1:4.0.34-1
cosmic

not-affected

1:4.0.34-1
devel

not-affected

1:4.0.34-1
disco

not-affected

1:4.0.34-1
eoan

not-affected

1:4.0.34-1
esm-apps/bionic

not-affected

1:4.0.34-1
esm-apps/focal

not-affected

1:4.0.34-1
esm-apps/jammy

not-affected

1:4.0.34-1
esm-apps/noble

not-affected

1:4.0.34-1

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

3.9.9.Final-1
cosmic

not-affected

3.9.9.Final-1
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

3.9.9.Final-1
esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-2156

redhat
больше 10 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

nvd логотип

CVE-2015-2156

CVSS3: 7.5
nvd
больше 8 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

debian логотип

CVE-2015-2156

CVSS3: 7.5
debian
больше 8 лет назад

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0 ...

github логотип

GHSA-xfv3-rrfm-f2rv

CVSS3: 7.5
github
больше 5 лет назад

Information Exposure in Netty

4.3 Medium

CVSS2

7.5 High

CVSS3