Search criteria
6 vulnerabilities found for play_framework by playframework
FKIE_CVE-2014-3630
Vulnerability from fkie_nvd - Published: 2017-12-29 22:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lightbend | play_framework | 2.2.0 | |
| lightbend | play_framework | 2.2.0 | |
| lightbend | play_framework | 2.2.0 | |
| lightbend | play_framework | 2.2.0 | |
| lightbend | play_framework | 2.2.1 | |
| lightbend | play_framework | 2.2.2 | |
| lightbend | play_framework | 2.3.0 | |
| lightbend | play_framework | 2.3.0 | |
| lightbend | play_framework | 2.3.0 | |
| lightbend | play_framework | 2.3.1 | |
| lightbend | play_framework | 2.3.2 | |
| lightbend | play_framework | 2.3.2 | |
| lightbend | play_framework | 2.3.2 | |
| lightbend | play_framework | 2.3.3 | |
| lightbend | play_framework | 2.3.4 | |
| playframework | play_framework | 2.2.0 | |
| playframework | play_framework | 2.2.1 | |
| playframework | play_framework | 2.2.2 | |
| playframework | play_framework | 2.2.2 | |
| playframework | play_framework | 2.2.2 | |
| playframework | play_framework | 2.2.2 | |
| playframework | play_framework | 2.2.3 | |
| playframework | play_framework | 2.2.4 | |
| playframework | play_framework | 2.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F790A14D-13BD-4924-9B56-BB73D7AB9441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "63908B48-9D7B-47E1-9531-70AD5EF6351D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "31B193D1-A0A7-4707-85B3-450126229618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "0099803B-5FDB-41C2-A0AA-3C40B6A1174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9D0F9F7F-6BAA-4BFE-9EF6-5FDC89B5A100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1ED49591-2830-4388-841E-BB774CE18E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CE253560-BABE-4917-80AE-92BE1AE41F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "81BCC634-6424-4D53-AE78-F00782F290DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9A457C-DA32-4094-9EF7-5DCBA4904CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9075EEDA-8FC6-4CD6-9420-0125E7B9A001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89244DD5-3EA1-471F-B678-A6921D17A804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96B59DC4-58BB-424C-BEFD-DF7E43E39C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEFD24F-A241-44A7-9C2D-128F5C5F69BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D286954C-BD26-4433-84D3-D0F37B61BB4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36149A37-5BF7-41EC-AD65-34F5DAFFC64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "407B15E5-5355-4AE0-98E1-26B7C60D77A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A72C43-6033-4E99-BF41-513E4C69E2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2E54E70F-8F06-4558-B725-045B379D6279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A8061B89-3B8D-4D38-9DA8-A52EC97CF966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D664F3EF-B07F-47BC-A9CF-6CD22CF73D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C991464B-52D4-4F70-91CE-E5FFDFCC6DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDCCE92-D85D-453B-B13B-52FC888F340A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
},
{
"lang": "es",
"value": "Vulnerabilidad de XEE (XML External Entity) en la funcionalidad de procesamiento de Java XML en Play, en versiones anteriores a la 2.2.6 y versiones 2.3.x anteriores a la 2.3.5, podr\u00eda permitir a atacantes remotos leer archivos arbitrarios, provocar una denegaci\u00f3n de servicio (DoS) o causar otro tipo de impacto no especificado mediante datos XML manipulados."
}
],
"id": "CVE-2014-3630",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-29T22:29:00.363",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2156
Vulnerability from fkie_nvd - Published: 2017-10-18 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5",
"versionEndIncluding": "3.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5609AE-1F05-4EDC-844F-E357BE1E02B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39F54228-AE67-4A7E-9C2F-99D3754CC8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069A7F48-DDF9-4C29-829F-63480AC8252A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1657CCDD-547C-462F-84A6-5C7897A0DE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48DEF144-095B-4A16-B1A0-540FFCB0571D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34811757-A83B-4177-B256-17C75669CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0B1676-F16F-49CB-A1D2-961236B29FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5B2C70-1CA5-4285-B85A-C01A1F0D256F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4223B041-EA1F-4EF5-9C56-93B47426D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF070FD-09A2-453C-ABB0-57806785AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A78B72B6-389E-4EE4-86D4-9C8499BAF7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "638159B5-DCB2-48F2-B98C-D02AA4B55567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD72B11-80BE-4EE8-8350-E84A4DE19A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "938E8F20-809C-41CF-90B3-16C4FA22BE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D14F96ED-9B74-446A-BDAA-37DA46BF1C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "490A338C-50BB-4292-B3E3-EBCB4D2A89F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F172E1C-0264-4241-988D-7EB38188E029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "07F517E7-0C8B-4562-ABF7-F2B5B1BA682E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C776C471-B66F-4349-B7E9-D59012B53BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D796E9-9D65-4E1B-91DA-5CBC829A4516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F64F7398-0C92-459B-809D-7BA543AEF058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "316B7A3D-69B4-4F9B-80A6-AB9858E01743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF6D60E-C9FD-4A73-ACB8-06500ADD8486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8E71050A-DFA2-41E5-9544-5DFF5453B4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0CE17333-AA06-4AD0-AFE0-B240BD22597C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "62D878A0-678F-4D36-89B6-D9957EF8FC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "11F45B0B-5D3E-48ED-A969-1EB8E9258A7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CBDD885-76D8-4A44-839F-7161A319CD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CCCCBA8E-471B-4EE7-99D1-FCF228F396E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "95760FF9-A33C-4794-9585-79F29FF8218D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49CEACD0-279B-418D-8679-22D6CD18CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4366138D-B4BC-450B-A52E-EA46CC9A2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E48B60E-F85B-4DC6-806A-94D424D4E7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7136FA34-EF5E-4F7B-8E78-85EA9B018758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E350767E-C5CD-4B3E-B70C-0D166B66F64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80DC4D2F-CCEE-4227-A76F-F9B339E298C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C4555E3D-B28A-4D7F-8322-8C93E055A41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2EFEFB-CC1C-4453-9CAC-D37063E1D851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36E51880-F5E5-47D6-BA90-B4C6E8ADE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C80F35-3B8E-4F7D-9C6B-21585F2516E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8763EA91-CF68-4142-9F0F-F16AA9CF0011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1535A9FA-42C2-40B6-96E6-CDBCE6F54076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5F034A-E343-4285-A7EB-FC60F12F73AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F351418-832C-4994-B3BF-B0F0152EE810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F03EAA0F-848C-4FCF-927E-DAFAFFA7641C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932C1D92-71AC-4520-A296-503BF0764E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3107A2-7BA5-4490-98C4-A4FC127C07CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3287C930-7E89-4FE9-9570-7D05A8727AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "81BCC634-6424-4D53-AE78-F00782F290DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9A457C-DA32-4094-9EF7-5DCBA4904CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95DE19B0-FDFD-4556-96F4-6D9470904F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89244DD5-3EA1-471F-B678-A6921D17A804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96B59DC4-58BB-424C-BEFD-DF7E43E39C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEFD24F-A241-44A7-9C2D-128F5C5F69BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D286954C-BD26-4433-84D3-D0F37B61BB4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2718B3-AE02-4C76-A17F-22B72016681A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F869944-14A6-4C7A-A096-7ABB0740B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "05A936F4-7FC3-45CD-AEBB-5DF105A5D698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EDA101-F379-4CE9-83FA-1F85A501EA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB9E2FF-60E9-4AF7-8893-688FD90C20BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "52FEDFA6-7774-4946-86D7-5A2E9E727D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22061490-43D6-4793-A150-6159A979F586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D4E1C16-BE0D-4E09-9E44-FE85A9D04568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "856EF408-705A-48B9-B806-2AA5EE52984E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*",
"matchCriteriaId": "E2E88D11-966D-4273-AE80-A8ADD93F7E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*",
"matchCriteriaId": "67A73F1E-3203-4EDE-A5FF-8225CCAEC652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23F4DA74-514C-433E-BE4F-756002431D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "344B07EE-75F3-4794-8AFB-C68E26AECBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CCCB3504-8E6E-4825-A45B-EE1D5DBED376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "085836CB-4832-4CBF-B2BB-E606C0F5261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "021F9BAB-1DAD-49EE-8F37-1E4155F8C32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EC833EB6-FEE5-4A65-96E1-02E781D11354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE38FB18-831C-4260-A70E-85FFB4048A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "28889691-9C50-4E80-8893-F4A04176D881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "87AE18E4-42C2-4827-807D-E9FAA6AA6685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB3F1A0-13DE-40F0-A368-D7967706054F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "04CE71EA-2251-4860-8343-68E89FB00507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "290E178F-F7F3-42B3-8B0F-B596F556646A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*",
"matchCriteriaId": "882AB7C8-2823-4FA7-95A7-D116421A055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*",
"matchCriteriaId": "C57FF361-2274-4F9A-AD5A-BB0626BF7D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "947EF76E-2155-4191-AD7E-26A34B733B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36149A37-5BF7-41EC-AD65-34F5DAFFC64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "407B15E5-5355-4AE0-98E1-26B7C60D77A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A72C43-6033-4E99-BF41-513E4C69E2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2E54E70F-8F06-4558-B725-045B379D6279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A8061B89-3B8D-4D38-9DA8-A52EC97CF966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D664F3EF-B07F-47BC-A9CF-6CD22CF73D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "878003F7-7BE7-473A-B0B7-1C26A9A02D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A2114F67-E72F-4559-8921-7567F0985ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C991464B-52D4-4F70-91CE-E5FFDFCC6DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDCCE92-D85D-453B-B13B-52FC888F340A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*",
"matchCriteriaId": "8CEE3098-76E1-4734-9292-09EE7FB13044",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
},
{
"lang": "es",
"value": "Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podr\u00eda permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan informaci\u00f3n sensible aprovechando la validaci\u00f3n incorrecta del nombre de la cookie y los caracteres del valor."
}
],
"id": "CVE-2015-2156",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T15:29:00.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-3630 (GCVE-0-2014-3630)
Vulnerability from cvelistv5 – Published: 2017-12-29 22:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-29T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf",
"refsource": "MISC",
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"name": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"name": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ"
},
{
"name": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity",
"refsource": "CONFIRM",
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3630",
"datePublished": "2017-12-29T22:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2156 (GCVE-0-2015-2156)
Vulnerability from cvelistv5 – Published: 2017-10-18 15:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:07:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"refsource": "MISC",
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"name": "https://github.com/netty/netty/pull/3754",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2156",
"datePublished": "2017-10-18T15:00:00",
"dateReserved": "2015-02-28T00:00:00",
"dateUpdated": "2024-08-06T05:10:14.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3630 (GCVE-0-2014-3630)
Vulnerability from nvd – Published: 2017-12-29 22:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-29T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf",
"refsource": "MISC",
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"name": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"name": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ"
},
{
"name": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity",
"refsource": "CONFIRM",
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3630",
"datePublished": "2017-12-29T22:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2156 (GCVE-0-2015-2156)
Vulnerability from nvd – Published: 2017-10-18 15:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:07:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
},
{
"name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
"refsource": "MISC",
"url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
},
{
"name": "FEDORA-2015-8713",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
},
{
"name": "https://github.com/netty/netty/pull/3754",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/pull/3754"
},
{
"name": "FEDORA-2015-8684",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
},
{
"name": "74704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74704"
},
{
"name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2156",
"datePublished": "2017-10-18T15:00:00",
"dateReserved": "2015-02-28T00:00:00",
"dateUpdated": "2024-08-06T05:10:14.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}