CVE-2015-2156
Description
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.271
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-2156 are fixed in netty 3.10.3 | Windows |
| Vulnerabilities CVE-2015-2156 are fixed in netty 3.9.8 | Windows |
| Vulnerabilities CVE-2015-2156 are fixed in JBoss-netty 3.9.8 | Windows |
| Vulnerabilities CVE-2015-2156 are fixed in JBoss-netty 3.10.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Vulnerabilities CVE-2015-2156 are fixed in Netty - netty-parent 4.0.28 | Windows |
| Vulnerabilities CVE-2015-2156 are fixed in netty for Linux 3.10.3 | Linux |
| Vulnerabilities CVE-2015-2156 are fixed in netty for Linux 3.9.8 | Linux |
| Vulnerabilities CVE-2015-2156 are fixed in JBoss-netty for Linux 3.9.8 | Linux |
| Vulnerabilities CVE-2015-2156 are fixed in JBoss-netty for Linux 3.10.3 | Linux |
| Vulnerabilities CVE-2015-2156 are fixed in Netty - netty-parent for Linux 4.0.28 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234