Vulnerabilities related to playframework - play_framework
cve-2014-3630
Vulnerability from cvelistv5
Published
2017-12-29 22:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-07T00:00:00", descriptions: [ { lang: "en", value: "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-29T21:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-3630", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", refsource: "MISC", url: "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", }, { name: "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", refsource: "CONFIRM", url: "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", }, { name: "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ", refsource: "CONFIRM", url: "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ", }, { name: "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", refsource: "CONFIRM", url: 
"https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3630", datePublished: "2017-12-29T22:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.931Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2156
Vulnerability from cvelistv5
Published
2017-10-18 15:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:14.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", }, { name: "FEDORA-2015-8713", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/netty/netty/pull/3754", }, { name: "FEDORA-2015-8684", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html", }, { name: "74704", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74704", }, { name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/05/17/1", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-08T00:00:00", descriptions: [ { lang: "en", value: "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-16T01:07:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", }, { name: "FEDORA-2015-8713", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/netty/netty/pull/3754", }, { name: "FEDORA-2015-8684", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html", }, { name: "74704", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74704", }, { name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/05/17/1", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2156", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", refsource: "CONFIRM", url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", }, { name: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", refsource: "MISC", url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", }, { name: "FEDORA-2015-8713", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", }, { name: "https://github.com/netty/netty/pull/3754", refsource: "CONFIRM", url: "https://github.com/netty/netty/pull/3754", }, { name: "FEDORA-2015-8684", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html", }, { name: "74704", refsource: "BID", url: "http://www.securityfocus.com/bid/74704", 
}, { name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/05/17/1", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2156", datePublished: "2017-10-18T15:00:00", dateReserved: "2015-02-28T00:00:00", dateUpdated: "2024-08-06T05:10:14.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-10-18 15:29
Modified
2024-11-21 02:26
Severity ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", matchCriteriaId: "AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5", versionEndIncluding: "3.9.7", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*", matchCriteriaId: "66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3F5609AE-1F05-4EDC-844F-E357BE1E02B9", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*", matchCriteriaId: "39F54228-AE67-4A7E-9C2F-99D3754CC8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "069A7F48-DDF9-4C29-829F-63480AC8252A", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1657CCDD-547C-462F-84A6-5C7897A0DE3D", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "48DEF144-095B-4A16-B1A0-540FFCB0571D", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "34811757-A83B-4177-B256-17C75669CB4F", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2F0B1676-F16F-49CB-A1D2-961236B29FB5", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9D5B2C70-1CA5-4285-B85A-C01A1F0D256F", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4223B041-EA1F-4EF5-9C56-93B47426D634", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "3FF070FD-09A2-453C-ABB0-57806785AC0B", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*", matchCriteriaId: "A78B72B6-389E-4EE4-86D4-9C8499BAF7CD", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*", matchCriteriaId: "79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*", matchCriteriaId: "638159B5-DCB2-48F2-B98C-D02AA4B55567", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*", matchCriteriaId: "8DD72B11-80BE-4EE8-8350-E84A4DE19A14", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*", matchCriteriaId: "938E8F20-809C-41CF-90B3-16C4FA22BE7D", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*", matchCriteriaId: "7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*", matchCriteriaId: "D14F96ED-9B74-446A-BDAA-37DA46BF1C52", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*", matchCriteriaId: "490A338C-50BB-4292-B3E3-EBCB4D2A89F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*", matchCriteriaId: "6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*", matchCriteriaId: "8F172E1C-0264-4241-988D-7EB38188E029", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*", matchCriteriaId: "07F517E7-0C8B-4562-ABF7-F2B5B1BA682E", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*", matchCriteriaId: "C776C471-B66F-4349-B7E9-D59012B53BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*", matchCriteriaId: "D4D796E9-9D65-4E1B-91DA-5CBC829A4516", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*", matchCriteriaId: 
"F64F7398-0C92-459B-809D-7BA543AEF058", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*", matchCriteriaId: "316B7A3D-69B4-4F9B-80A6-AB9858E01743", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*", matchCriteriaId: "C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*", matchCriteriaId: "CAF6D60E-C9FD-4A73-ACB8-06500ADD8486", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*", matchCriteriaId: "8E71050A-DFA2-41E5-9544-5DFF5453B4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*", matchCriteriaId: "0CE17333-AA06-4AD0-AFE0-B240BD22597C", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*", matchCriteriaId: "62D878A0-678F-4D36-89B6-D9957EF8FC16", vulnerable: true, }, { criteria: "cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*", matchCriteriaId: "11F45B0B-5D3E-48ED-A969-1EB8E9258A7D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*", matchCriteriaId: "9CBDD885-76D8-4A44-839F-7161A319CD21", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*", matchCriteriaId: "CCCCBA8E-471B-4EE7-99D1-FCF228F396E0", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*", matchCriteriaId: "95760FF9-A33C-4794-9585-79F29FF8218D", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "49CEACD0-279B-418D-8679-22D6CD18CCC8", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*", matchCriteriaId: "B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*", matchCriteriaId: "4366138D-B4BC-450B-A52E-EA46CC9A2F5F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3E48B60E-F85B-4DC6-806A-94D424D4E7C7", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*", matchCriteriaId: "F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*", matchCriteriaId: "7136FA34-EF5E-4F7B-8E78-85EA9B018758", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E350767E-C5CD-4B3E-B70C-0D166B66F64E", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*", matchCriteriaId: "80DC4D2F-CCEE-4227-A76F-F9B339E298C7", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*", matchCriteriaId: "C4555E3D-B28A-4D7F-8322-8C93E055A41F", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4A2EFEFB-CC1C-4453-9CAC-D37063E1D851", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*", matchCriteriaId: "A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*", matchCriteriaId: "36E51880-F5E5-47D6-BA90-B4C6E8ADE962", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A3C80F35-3B8E-4F7D-9C6B-21585F2516E8", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "8763EA91-CF68-4142-9F0F-F16AA9CF0011", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1535A9FA-42C2-40B6-96E6-CDBCE6F54076", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C5F034A-E343-4285-A7EB-FC60F12F73AD", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*", 
matchCriteriaId: "6F351418-832C-4994-B3BF-B0F0152EE810", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*", matchCriteriaId: "F03EAA0F-848C-4FCF-927E-DAFAFFA7641C", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "932C1D92-71AC-4520-A296-503BF0764E94", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "3E3107A2-7BA5-4490-98C4-A4FC127C07CE", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3287C930-7E89-4FE9-9570-7D05A8727AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*", matchCriteriaId: "475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*", matchCriteriaId: "81BCC634-6424-4D53-AE78-F00782F290DF", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EA9A457C-DA32-4094-9EF7-5DCBA4904CF0", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "95DE19B0-FDFD-4556-96F4-6D9470904F75", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*", matchCriteriaId: "89244DD5-3EA1-471F-B678-A6921D17A804", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*", matchCriteriaId: "96B59DC4-58BB-424C-BEFD-DF7E43E39C21", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "6CEFD24F-A241-44A7-9C2D-128F5C5F69BF", 
vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "D286954C-BD26-4433-84D3-D0F37B61BB4A", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*", matchCriteriaId: "EA2718B3-AE02-4C76-A17F-22B72016681A", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6F869944-14A6-4C7A-A096-7ABB0740B7B9", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*", matchCriteriaId: "05A936F4-7FC3-45CD-AEBB-5DF105A5D698", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*", matchCriteriaId: "E6EDA101-F379-4CE9-83FA-1F85A501EA30", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*", matchCriteriaId: "6DB9E2FF-60E9-4AF7-8893-688FD90C20BC", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*", matchCriteriaId: "52FEDFA6-7774-4946-86D7-5A2E9E727D01", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "22061490-43D6-4793-A150-6159A979F586", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "2D4E1C16-BE0D-4E09-9E44-FE85A9D04568", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "856EF408-705A-48B9-B806-2AA5EE52984E", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*", matchCriteriaId: "E2E88D11-966D-4273-AE80-A8ADD93F7E33", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*", matchCriteriaId: "67A73F1E-3203-4EDE-A5FF-8225CCAEC652", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*", matchCriteriaId: "23F4DA74-514C-433E-BE4F-756002431D2B", vulnerable: 
true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "344B07EE-75F3-4794-8AFB-C68E26AECBC1", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*", matchCriteriaId: "CCCB3504-8E6E-4825-A45B-EE1D5DBED376", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*", matchCriteriaId: "085836CB-4832-4CBF-B2BB-E606C0F5261A", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "021F9BAB-1DAD-49EE-8F37-1E4155F8C32E", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*", matchCriteriaId: "81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*", matchCriteriaId: "EC833EB6-FEE5-4A65-96E1-02E781D11354", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "FE38FB18-831C-4260-A70E-85FFB4048A90", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*", matchCriteriaId: "28889691-9C50-4E80-8893-F4A04176D881", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*", matchCriteriaId: "87AE18E4-42C2-4827-807D-E9FAA6AA6685", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*", matchCriteriaId: "2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "ADB3F1A0-13DE-40F0-A368-D7967706054F", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*", matchCriteriaId: "04CE71EA-2251-4860-8343-68E89FB00507", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*", matchCriteriaId: "290E178F-F7F3-42B3-8B0F-B596F556646A", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*", matchCriteriaId: "882AB7C8-2823-4FA7-95A7-D116421A055E", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*", matchCriteriaId: "C57FF361-2274-4F9A-AD5A-BB0626BF7D68", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "947EF76E-2155-4191-AD7E-26A34B733B6A", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*", matchCriteriaId: "36149A37-5BF7-41EC-AD65-34F5DAFFC64B", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*", matchCriteriaId: "407B15E5-5355-4AE0-98E1-26B7C60D77A0", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*", matchCriteriaId: "28A72C43-6033-4E99-BF41-513E4C69E2D3", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*", matchCriteriaId: "2E54E70F-8F06-4558-B725-045B379D6279", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*", matchCriteriaId: "A8061B89-3B8D-4D38-9DA8-A52EC97CF966", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D664F3EF-B07F-47BC-A9CF-6CD22CF73D98", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*", matchCriteriaId: "878003F7-7BE7-473A-B0B7-1C26A9A02D89", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*", matchCriteriaId: "A2114F67-E72F-4559-8921-7567F0985ED0", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C991464B-52D4-4F70-91CE-E5FFDFCC6DD6", vulnerable: true, }, { 
criteria: "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "2EDCCE92-D85D-453B-B13B-52FC888F340A", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*", matchCriteriaId: "8CEE3098-76E1-4734-9292-09EE7FB13044", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.", }, { lang: "es", value: "Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podría permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan información sensible aprovechando la validación incorrecta del nombre de la cookie y los caracteres del valor.", }, ], id: "CVE-2015-2156", lastModified: "2024-11-21T02:26:53.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", 
scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-18T15:29:00.173", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/17/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74704", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/netty/netty/pull/3754", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/17/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/netty/netty/pull/3754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-29 22:29
Modified
2024-11-21 02:08
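Severity
CVSS 3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P) — NVD primary scores, taken from the record below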
Summary
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
References
Impacted products
Vendor | Product | Version | CPE update field |
---|---|---|---|
lightbend | play_framework | 2.2.0 | `-` |
lightbend | play_framework | 2.2.0 | milestone1 |
lightbend | play_framework | 2.2.0 | milestone2 |
lightbend | play_framework | 2.2.0 | milestone3 |
lightbend | play_framework | 2.2.1 | `-` |
lightbend | play_framework | 2.2.2 | `-` |
lightbend | play_framework | 2.3.0 | `-` |
lightbend | play_framework | 2.3.0 | rc1 |
lightbend | play_framework | 2.3.0 | rc2 |
lightbend | play_framework | 2.3.1 | `*` |
lightbend | play_framework | 2.3.2 | `-` |
lightbend | play_framework | 2.3.2 | rc1 |
lightbend | play_framework | 2.3.2 | rc2 |
lightbend | play_framework | 2.3.3 | `*` |
lightbend | play_framework | 2.3.4 | `*` |
playframework | play_framework | 2.2.0 | rc1 |
playframework | play_framework | 2.2.1 | rc1 |
playframework | play_framework | 2.2.2 | rc1 |
playframework | play_framework | 2.2.2 | rc2 |
playframework | play_framework | 2.2.2 | rc3 |
playframework | play_framework | 2.2.2 | rc4 |
playframework | play_framework | 2.2.3 | `*` |
playframework | play_framework | 2.2.4 | `*` |
playframework | play_framework | 2.2.5 | `*` |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*", matchCriteriaId: "F790A14D-13BD-4924-9B56-BB73D7AB9441", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone1:*:*:*:*:*:*", matchCriteriaId: "63908B48-9D7B-47E1-9531-70AD5EF6351D", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone2:*:*:*:*:*:*", matchCriteriaId: "31B193D1-A0A7-4707-85B3-450126229618", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.0:milestone3:*:*:*:*:*:*", matchCriteriaId: "0099803B-5FDB-41C2-A0AA-3C40B6A1174D", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.1:-:*:*:*:*:*:*", matchCriteriaId: "9D0F9F7F-6BAA-4BFE-9EF6-5FDC89B5A100", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.2.2:-:*:*:*:*:*:*", matchCriteriaId: "1ED49591-2830-4388-841E-BB774CE18E88", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:-:*:*:*:*:*:*", matchCriteriaId: "CE253560-BABE-4917-80AE-92BE1AE41F04", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*", matchCriteriaId: "475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*", matchCriteriaId: "81BCC634-6424-4D53-AE78-F00782F290DF", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EA9A457C-DA32-4094-9EF7-5DCBA4904CF0", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:-:*:*:*:*:*:*", matchCriteriaId: "9075EEDA-8FC6-4CD6-9420-0125E7B9A001", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*", matchCriteriaId: "89244DD5-3EA1-471F-B678-A6921D17A804", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*", matchCriteriaId: "96B59DC4-58BB-424C-BEFD-DF7E43E39C21", vulnerable: 
true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "6CEFD24F-A241-44A7-9C2D-128F5C5F69BF", vulnerable: true, }, { criteria: "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "D286954C-BD26-4433-84D3-D0F37B61BB4A", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*", matchCriteriaId: "36149A37-5BF7-41EC-AD65-34F5DAFFC64B", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*", matchCriteriaId: "407B15E5-5355-4AE0-98E1-26B7C60D77A0", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*", matchCriteriaId: "28A72C43-6033-4E99-BF41-513E4C69E2D3", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*", matchCriteriaId: "2E54E70F-8F06-4558-B725-045B379D6279", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*", matchCriteriaId: "A8061B89-3B8D-4D38-9DA8-A52EC97CF966", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D664F3EF-B07F-47BC-A9CF-6CD22CF73D98", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C991464B-52D4-4F70-91CE-E5FFDFCC6DD6", vulnerable: true, }, { criteria: "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "2EDCCE92-D85D-453B-B13B-52FC888F340A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have 
unspecified other impact via crafted XML data.", }, { lang: "es", value: "Vulnerabilidad de XXE (XML External Entity) en la funcionalidad de procesamiento de Java XML en Play, en versiones anteriores a la 2.2.6 y versiones 2.3.x anteriores a la 2.3.5, podría permitir a atacantes remotos leer archivos arbitrarios, provocar una denegación de servicio (DoS) o causar otro tipo de impacto no especificado mediante datos XML manipulados.", }, ], id: "CVE-2014-3630", lastModified: "2024-11-21T02:08:32.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-29T22:29:00.363", references: [ { source: "secalert@redhat.com", url: "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", }, { source: "secalert@redhat.com", url: "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }