Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Remediation

References

CVE-2015-2156

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7874)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Scripting (3.6.1)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.6.6)

PHP Use After Free Vulnerability (CVE-2014-3622)

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)

Severity

High

Classification

CVE-2015-2156 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities