cve-2015-2156
Vulnerability from cvelistv5
Published
2017-10-18 15:00
Modified
2024-08-06 05:10
Severity ?
Summary
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.htmlThird Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.htmlThird Party Advisory
cve@mitre.orghttp://netty.io/news/2015/05/08/3-9-8-Final-and-3.htmlVendor Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2015/05/17/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/74704Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1222923Issue Tracking, Third Party Advisory
cve@mitre.orghttps://github.com/netty/netty/pull/3754Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
cve@mitre.orghttps://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypassThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://netty.io/news/2015/05/08/3-9-8-Final-and-3.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/05/17/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74704Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1222923Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/pull/3754Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypassThird Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T05:10:14.283Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
               },
               {
                  name: "FEDORA-2015-8713",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/netty/netty/pull/3754",
               },
               {
                  name: "FEDORA-2015-8684",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
               },
               {
                  name: "74704",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74704",
               },
               {
                  name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/05/17/1",
               },
               {
                  name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E",
               },
               {
                  name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-05-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-16T01:07:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
            },
            {
               name: "FEDORA-2015-8713",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/netty/netty/pull/3754",
            },
            {
               name: "FEDORA-2015-8684",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
            },
            {
               name: "74704",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74704",
            },
            {
               name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/05/17/1",
            },
            {
               name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
            },
            {
               name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E",
            },
            {
               name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E",
            },
            {
               name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-2156",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
                     refsource: "CONFIRM",
                     url: "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html",
                  },
                  {
                     name: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
                     refsource: "MISC",
                     url: "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass",
                  },
                  {
                     name: "FEDORA-2015-8713",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222923",
                  },
                  {
                     name: "https://github.com/netty/netty/pull/3754",
                     refsource: "CONFIRM",
                     url: "https://github.com/netty/netty/pull/3754",
                  },
                  {
                     name: "FEDORA-2015-8684",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html",
                  },
                  {
                     name: "74704",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/74704",
                  },
                  {
                     name: "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/05/17/1",
                  },
                  {
                     name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E",
                  },
                  {
                     name: "[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-2156",
      datePublished: "2017-10-18T15:00:00",
      dateReserved: "2015-02-28T00:00:00",
      dateUpdated: "2024-08-06T05:10:14.283Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.9.7\", \"matchCriteriaId\": \"AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5609AE-1F05-4EDC-844F-E357BE1E02B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F54228-AE67-4A7E-9C2F-99D3754CC8CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"069A7F48-DDF9-4C29-829F-63480AC8252A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1657CCDD-547C-462F-84A6-5C7897A0DE3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48DEF144-095B-4A16-B1A0-540FFCB0571D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34811757-A83B-4177-B256-17C75669CB4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0B1676-F16F-49CB-A1D2-961236B29FB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D5B2C70-1CA5-4285-B85A-C01A1F0D256F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4223B041-EA1F-4EF5-9C56-93B47426D634\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FF070FD-09A2-453C-ABB0-57806785AC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A78B72B6-389E-4EE4-86D4-9C8499BAF7CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"638159B5-DCB2-48F2-B98C-D02AA4B55567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DD72B11-80BE-4EE8-8350-E84A4DE19A14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"938E8F20-809C-41CF-90B3-16C4FA22BE7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14F96ED-9B74-446A-BDAA-37DA46BF1C52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490A338C-50BB-4292-B3E3-EBCB4D2A89F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F172E1C-0264-4241-988D-7EB38188E029\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07F517E7-0C8B-4562-ABF7-F2B5B1BA682E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C776C471-B66F-4349-B7E9-D59012B53BC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4D796E9-9D65-4E1B-91DA-5CBC829A4516\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F64F7398-0C92-459B-809D-7BA543AEF058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"316B7A3D-69B4-4F9B-80A6-AB9858E01743\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAF6D60E-C9FD-4A73-ACB8-06500ADD8486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E71050A-DFA2-41E5-9544-5DFF5453B4EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CE17333-AA06-4AD0-AFE0-B240BD22597C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"62D878A0-678F-4D36-89B6-D9957EF8FC16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"11F45B0B-5D3E-48ED-A969-1EB8E9258A7D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CBDD885-76D8-4A44-839F-7161A319CD21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCCCBA8E-471B-4EE7-99D1-FCF228F396E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"95760FF9-A33C-4794-9585-79F29FF8218D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49CEACD0-279B-418D-8679-22D6CD18CCC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4366138D-B4BC-450B-A52E-EA46CC9A2F5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E48B60E-F85B-4DC6-806A-94D424D4E7C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7136FA34-EF5E-4F7B-8E78-85EA9B018758\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E350767E-C5CD-4B3E-B70C-0D166B66F64E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"80DC4D2F-CCEE-4227-A76F-F9B339E298C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4555E3D-B28A-4D7F-8322-8C93E055A41F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A2EFEFB-CC1C-4453-9CAC-D37063E1D851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"36E51880-F5E5-47D6-BA90-B4C6E8ADE962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C80F35-3B8E-4F7D-9C6B-21585F2516E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8763EA91-CF68-4142-9F0F-F16AA9CF0011\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1535A9FA-42C2-40B6-96E6-CDBCE6F54076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C5F034A-E343-4285-A7EB-FC60F12F73AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F351418-832C-4994-B3BF-B0F0152EE810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F03EAA0F-848C-4FCF-927E-DAFAFFA7641C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"932C1D92-71AC-4520-A296-503BF0764E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E3107A2-7BA5-4490-98C4-A4FC127C07CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3287C930-7E89-4FE9-9570-7D05A8727AAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"81BCC634-6424-4D53-AE78-F00782F290DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA9A457C-DA32-4094-9EF7-5DCBA4904CF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95DE19B0-FDFD-4556-96F4-6D9470904F75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"89244DD5-3EA1-471F-B678-A6921D17A804\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"96B59DC4-58BB-424C-BEFD-DF7E43E39C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CEFD24F-A241-44A7-9C2D-128F5C5F69BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D286954C-BD26-4433-84D3-D0F37B61BB4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA2718B3-AE02-4C76-A17F-22B72016681A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F869944-14A6-4C7A-A096-7ABB0740B7B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05A936F4-7FC3-45CD-AEBB-5DF105A5D698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6EDA101-F379-4CE9-83FA-1F85A501EA30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DB9E2FF-60E9-4AF7-8893-688FD90C20BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"52FEDFA6-7774-4946-86D7-5A2E9E727D01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"22061490-43D6-4793-A150-6159A979F586\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D4E1C16-BE0D-4E09-9E44-FE85A9D04568\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"856EF408-705A-48B9-B806-2AA5EE52984E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2E88D11-966D-4273-AE80-A8ADD93F7E33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*\", \"matchCriteriaId\": \"67A73F1E-3203-4EDE-A5FF-8225CCAEC652\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"23F4DA74-514C-433E-BE4F-756002431D2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"344B07EE-75F3-4794-8AFB-C68E26AECBC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCCB3504-8E6E-4825-A45B-EE1D5DBED376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"085836CB-4832-4CBF-B2BB-E606C0F5261A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"021F9BAB-1DAD-49EE-8F37-1E4155F8C32E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC833EB6-FEE5-4A65-96E1-02E781D11354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE38FB18-831C-4260-A70E-85FFB4048A90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"28889691-9C50-4E80-8893-F4A04176D881\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"87AE18E4-42C2-4827-807D-E9FAA6AA6685\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADB3F1A0-13DE-40F0-A368-D7967706054F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"04CE71EA-2251-4860-8343-68E89FB00507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"290E178F-F7F3-42B3-8B0F-B596F556646A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*\", \"matchCriteriaId\": \"882AB7C8-2823-4FA7-95A7-D116421A055E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C57FF361-2274-4F9A-AD5A-BB0626BF7D68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"947EF76E-2155-4191-AD7E-26A34B733B6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"36149A37-5BF7-41EC-AD65-34F5DAFFC64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"407B15E5-5355-4AE0-98E1-26B7C60D77A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"28A72C43-6033-4E99-BF41-513E4C69E2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E54E70F-8F06-4558-B725-045B379D6279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8061B89-3B8D-4D38-9DA8-A52EC97CF966\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D664F3EF-B07F-47BC-A9CF-6CD22CF73D98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"878003F7-7BE7-473A-B0B7-1C26A9A02D89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2114F67-E72F-4559-8921-7567F0985ED0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C991464B-52D4-4F70-91CE-E5FFDFCC6DD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EDCCE92-D85D-453B-B13B-52FC888F340A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CEE3098-76E1-4734-9292-09EE7FB13044\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.\"}, {\"lang\": \"es\", \"value\": \"Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podr\\u00eda permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan informaci\\u00f3n sensible aprovechando la validaci\\u00f3n incorrecta del nombre de la cookie y los caracteres del valor.\"}]",
         id: "CVE-2015-2156",
         lastModified: "2024-11-21T02:26:53.763",
         metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2017-10-18T15:29:00.173",
         references: "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/05/17/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74704\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/pull/3754\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/05/17/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74704\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/netty/netty/pull/3754\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2015-2156\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-18T15:29:00.173\",\"lastModified\":\"2024-11-21T02:26:53.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.\"},{\"lang\":\"es\",\"value\":\"Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podría permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan información sensible aprovechando la validación incorrecta del nombre de la cookie y los caracteres del valor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.9.7\",\"matchCriteriaId\":\"AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5609AE-1F05-4EDC-844F-E357BE1E02B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F54228-AE67-4A7E-9C2F-99D3754CC8CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"069A7F48-DDF9-4C29-829F-63480AC8252A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1657CCDD-547C-462F-84A6-5C7897A0DE3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DEF144-095B-4A16-B1A0-540FFCB0571D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34811757-A83B-4177-B256-17C75669CB4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0B1676-F16F-49CB-A1D2-961236B29FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D5B2C70-1CA5-4285-B85A-C01A1F0D256F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4223B041-EA1F-4EF5-9C56-93B47426D634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FF070FD-09A2-453C-ABB0-57806785AC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A78B72B6-389E-4EE4-86D4-9C8499BAF7CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638159B5-DCB2-48F2-B98C-D02AA4B55567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DD72B11-80BE-4EE8-8350-E84A4DE19A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938E8F20-809C-41CF-90B3-16C4FA22BE7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14F96ED-9B74-446A-BDAA-37DA46BF1C52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490A338C-50BB-4292-B3E3-EBCB4D2A89F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F172E1C-0264-4241-988D-7EB38188E029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07F517E7-0C8B-4562-ABF7-F2B5B1BA682E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C776C471-B66F-4349-B7E9-D59012B53BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D796E9-9D65-4E1B-91DA-5CBC829A4516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F64F7398-0C92-459B-809D-7BA543AEF058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"316B7A3D-69B4-4F9B-80A6-AB9858E01743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAF6D60E-C9FD-4A73-ACB8-06500ADD8486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E71050A-DFA2-41E5-9544-5DFF5453B4EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CE17333-AA06-4AD0-AFE0-B240BD22597C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D878A0-678F-4D36-89B6-D9957EF8FC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F45B0B-5D3E-48ED-A969-1EB8E9258A7D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CBDD885-76D8-4A44-839F-7161A319CD21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCCBA8E-471B-4EE7-99D1-FCF228F396E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"95760FF9-A33C-4794-9585-79F29FF8218D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49CEACD0-279B-418D-8679-22D6CD18CCC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4366138D-B4BC-450B-A52E-EA46CC9A2F5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E48B60E-F85B-4DC6-806A-94D424D4E7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7136FA34-EF5E-4F7B-8E78-85EA9B018758\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E350767E-C5CD-4B3E-B70C-0D166B66F64E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"80DC4D2F-CCEE-4227-A76F-F9B339E298C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4555E3D-B28A-4D7F-8322-8C93E055A41F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2EFEFB-CC1C-4453-9CAC-D37063E1D851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E51880-F5E5-47D6-BA90-B4C6E8ADE962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C80F35-3B8E-4F7D-9C6B-21585F2516E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8763EA91-CF68-4142-9F0F-F16AA9CF0011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1535A9FA-42C2-40B6-96E6-CDBCE6F54076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5F034A-E343-4285-A7EB-FC60F12F73AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F351418-832C-4994-B3BF-B0F0152EE810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F03EAA0F-848C-4FCF-927E-DAFAFFA7641C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932C1D92-71AC-4520-A296-503BF0764E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3107A2-7BA5-4490-98C4-A4FC127C07CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3287C930-7E89-4FE9-9570-7D05A8727AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"81BCC634-6424-4D53-AE78-F00782F290DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA9A457C-DA32-4094-9EF7-5DCBA4904CF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DE19B0-FDFD-4556-96F4-6D9470904F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"89244DD5-3EA1-471F-B678-A6921D17A804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B59DC4-58BB-424C-BEFD-DF7E43E39C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CEFD24F-A241-44A7-9C2D-128F5C5F69BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D286954C-BD26-4433-84D3-D0F37B61BB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA2718B3-AE02-4C76-A17F-22B72016681A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F869944-14A6-4C7A-A096-7ABB0740B7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05A936F4-7FC3-45CD-AEBB-5DF105A5D698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6EDA101-F379-4CE9-83FA-1F85A501EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB9E2FF-60E9-4AF7-8893-688FD90C20BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"52FEDFA6-7774-4946-86D7-5A2E9E727D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"22061490-43D6-4793-A150-6159A979F586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D4E1C16-BE0D-4E09-9E44-FE85A9D04568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"856EF408-705A-48B9-B806-2AA5EE52984E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E88D11-966D-4273-AE80-A8ADD93F7E33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*\",\"matchCriteriaId\":\"67A73F1E-3203-4EDE-A5FF-8225CCAEC652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F4DA74-514C-433E-BE4F-756002431D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"344B07EE-75F3-4794-8AFB-C68E26AECBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCB3504-8E6E-4825-A45B-EE1D5DBED376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"085836CB-4832-4CBF-B2BB-E606C0F5261A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"021F9BAB-1DAD-49EE-8F37-1E4155F8C32E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC833EB6-FEE5-4A65-96E1-02E781D11354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE38FB18-831C-4260-A70E-85FFB4048A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28889691-9C50-4E80-8893-F4A04176D881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"87AE18E4-42C2-4827-807D-E9FAA6AA6685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB3F1A0-13DE-40F0-A368-D7967706054F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"04CE71EA-2251-4860-8343-68E89FB00507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"290E178F-F7F3-42B3-8B0F-B596F556646A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*\",\"matchCriteriaId\":\"882AB7C8-2823-4FA7-95A7-D116421A055E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C57FF361-2274-4F9A-AD5A-BB0626BF7D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"947EF76E-2155-4191-AD7E-26A34B733B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"36149A37-5BF7-41EC-AD65-34F5DAFFC64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"407B15E5-5355-4AE0-98E1-26B7C60D77A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A72C43-6033-4E99-BF41-513E4C69E2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E54E70F-8F06-4558-B725-045B379D6279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8061B89-3B8D-4D38-9DA8-A52EC97CF966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D664F3EF-B07F-47BC-A9CF-6CD22CF73D98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"878003F7-7BE7-473A-B0B7-1C26A9A02D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2114F67-E72F-4559-8921-7567F0985ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C991464B-52D4-4F70-91CE-E5FFDFCC6DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EDCCE92-D85D-453B-B13B-52FC888F340A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CEE3098-76E1-4734-9292-09EE7FB13044\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/05/17/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/3754\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/05/17/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/pull/3754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.