Description
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Remediation
References
Related Vulnerabilities
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280)
PHP Other Vulnerability (CVE-2007-1889)
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.4)
Internet Information Services Other Vulnerability (CVE-2002-1695)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)