cve-2015-2156
Vulnerability from cvelistv5
Published
2017-10-18 15:00
Modified
2024-08-06 05:10
Severity ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:14.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
          },
          {
            "name": "FEDORA-2015-8713",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/pull/3754"
          },
          {
            "name": "FEDORA-2015-8684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
          },
          {
            "name": "74704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74704"
          },
          {
            "name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-16T01:07:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
        },
        {
          "name": "FEDORA-2015-8713",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/pull/3754"
        },
        {
          "name": "FEDORA-2015-8684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
        },
        {
          "name": "74704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74704"
        },
        {
          "name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
              "refsource": "CONFIRM",
              "url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"
            },
            {
              "name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
              "refsource": "MISC",
              "url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"
            },
            {
              "name": "FEDORA-2015-8713",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923"
            },
            {
              "name": "https://github.com/netty/netty/pull/3754",
              "refsource": "CONFIRM",
              "url": "https://github.com/netty/netty/pull/3754"
            },
            {
              "name": "FEDORA-2015-8684",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"
            },
            {
              "name": "74704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74704"
            },
            {
              "name": "[oss-security] 20150516 Netty/Play\u0027s Security Updates (CVE-2015-2156)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/05/17/1"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2156",
    "datePublished": "2017-10-18T15:00:00",
    "dateReserved": "2015-02-28T00:00:00",
    "dateUpdated": "2024-08-06T05:10:14.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2156\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-18T15:29:00.173\",\"lastModified\":\"2023-11-07T02:25:09.667\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.\"},{\"lang\":\"es\",\"value\":\"Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podr\u00eda permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan informaci\u00f3n sensible aprovechando la validaci\u00f3n incorrecta del nombre de la cookie y los caracteres del valor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.9.7\",\"matchCriteriaId\":\"AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5609AE-1F05-4EDC-844F-E357BE1E02B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F54228-AE67-4A7E-9C2F-99D3754CC8CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"069A7F48-DDF9-4C29-829F-63480AC8252A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1657CCDD-547C-462F-84A6-5C7897A0DE3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DEF144-095B-4A16-B1A0-540FFCB0571D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34811757-A83B-4177-B256-17C75669CB4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0B1676-F16F-49CB-A1D2-961236B29FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D5B2C70-1CA5-4285-B85A-C01A1F0D256F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4223B041-EA1F-4EF5-9C56-93B47426D634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FF070FD-09A2-453C-ABB0-57806785AC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A78B72B6-389E-4EE4-86D4-9C8499BAF7CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638159B5-DCB2-48F2-B98C-D02AA4B55567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DD72B11-80BE-4EE8-8350-E84A4DE19A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938E8F20-809C-41CF-90B3-16C4FA22BE7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14F96ED-9B74-446A-BDAA-37DA46BF1C52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490A338C-50BB-4292-B3E3-EBCB4D2A89F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F172E1C-0264-4241-988D-7EB38188E029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07F517E7-0C8B-4562-ABF7-F2B5B1BA682E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C776C471-B66F-4349-B7E9-D59012B53BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D796E9-9D65-4E1B-91DA-5CBC829A4516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F64F7398-0C92-459B-809D-7BA543AEF058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"316B7A3D-69B4-4F9B-80A6-AB9858E01743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAF6D60E-C9FD-4A73-ACB8-06500ADD8486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E71050A-DFA2-41E5-9544-5DFF5453B4EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CE17333-AA06-4AD0-AFE0-B240BD22597C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D878A0-678F-4D36-89B6-D9957EF8FC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F45B0B-5D3E-48ED-A969-1EB8E9258A7D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CBDD885-76D8-4A44-839F-7161A319CD21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCCBA8E-471B-4EE7-99D1-FCF228F396E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"95760FF9-A33C-4794-9585-79F29FF8218D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49CEACD0-279B-418D-8679-22D6CD18CCC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4366138D-B4BC-450B-A52E-EA46CC9A2F5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E48B60E-F85B-4DC6-806A-94D424D4E7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7136FA34-EF5E-4F7B-8E78-85EA9B018758\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E350767E-C5CD-4B3E-B70C-0D166B66F64E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"80DC4D2F-CCEE-4227-A76F-F9B339E298C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4555E3D-B28A-4D7F-8322-8C93E055A41F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2EFEFB-CC1C-4453-9CAC-D37063E1D851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E51880-F5E5-47D6-BA90-B4C6E8ADE962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C80F35-3B8E-4F7D-9C6B-21585F2516E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8763EA91-CF68-4142-9F0F-F16AA9CF0011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1535A9FA-42C2-40B6-96E6-CDBCE6F54076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5F034A-E343-4285-A7EB-FC60F12F73AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F351418-832C-4994-B3BF-B0F0152EE810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F03EAA0F-848C-4FCF-927E-DAFAFFA7641C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932C1D92-71AC-4520-A296-503BF0764E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3107A2-7BA5-4490-98C4-A4FC127C07CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3287C930-7E89-4FE9-9570-7D05A8727AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"81BCC634-6424-4D53-AE78-F00782F290DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA9A457C-DA32-4094-9EF7-5DCBA4904CF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DE19B0-FDFD-4556-96F4-6D9470904F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"89244DD5-3EA1-471F-B678-A6921D17A804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B59DC4-58BB-424C-BEFD-DF7E43E39C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CEFD24F-A241-44A7-9C2D-128F5C5F69BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D286954C-BD26-4433-84D3-D0F37B61BB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA2718B3-AE02-4C76-A17F-22B72016681A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F869944-14A6-4C7A-A096-7ABB0740B7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05A936F4-7FC3-45CD-AEBB-5DF105A5D698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6EDA101-F379-4CE9-83FA-1F85A501EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB9E2FF-60E9-4AF7-8893-688FD90C20BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"52FEDFA6-7774-4946-86D7-5A2E9E727D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"22061490-43D6-4793-A150-6159A979F586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D4E1C16-BE0D-4E09-9E44-FE85A9D04568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"856EF408-705A-48B9-B806-2AA5EE52984E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E88D11-966D-4273-AE80-A8ADD93F7E33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*\",\"matchCriteriaId\":\"67A73F1E-3203-4EDE-A5FF-8225CCAEC652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F4DA74-514C-433E-BE4F-756002431D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"344B07EE-75F3-4794-8AFB-C68E26AECBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCB3504-8E6E-4825-A45B-EE1D5DBED376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"085836CB-4832-4CBF-B2BB-E606C0F5261A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"021F9BAB-1DAD-49EE-8F37-1E4155F8C32E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC833EB6-FEE5-4A65-96E1-02E781D11354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE38FB18-831C-4260-A70E-85FFB4048A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28889691-9C50-4E80-8893-F4A04176D881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"87AE18E4-42C2-4827-807D-E9FAA6AA6685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB3F1A0-13DE-40F0-A368-D7967706054F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"04CE71EA-2251-4860-8343-68E89FB00507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"290E178F-F7F3-42B3-8B0F-B596F556646A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*\",\"matchCriteriaId\":\"882AB7C8-2823-4FA7-95A7-D116421A055E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C57FF361-2274-4F9A-AD5A-BB0626BF7D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"947EF76E-2155-4191-AD7E-26A34B733B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"36149A37-5BF7-41EC-AD65-34F5DAFFC64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"407B15E5-5355-4AE0-98E1-26B7C60D77A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A72C43-6033-4E99-BF41-513E4C69E2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E54E70F-8F06-4558-B725-045B379D6279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8061B89-3B8D-4D38-9DA8-A52EC97CF966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D664F3EF-B07F-47BC-A9CF-6CD22CF73D98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"878003F7-7BE7-473A-B0B7-1C26A9A02D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2114F67-E72F-4559-8921-7567F0985ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C991464B-52D4-4F70-91CE-E5FFDFCC6DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EDCCE92-D85D-453B-B13B-52FC888F340A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CEE3098-76E1-4734-9292-09EE7FB13044\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/05/17/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/3754\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.