Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Remediation

References

CVE-2015-2156

Related Vulnerabilities

WordPress Plugin Import Spreadsheets from Microsoft Excel Cross-Site Scripting (10.1.3)

WordPress Plugin WooCommerce Privilege Escalation (3.5.0)

WordPress Plugin Logo Slider and Showcase Security Bypass (1.3.36)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)

mod_ssl Other Vulnerability (CVE-2004-0700)

Severity

High

Classification

CVE-2015-2156 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities