Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Remediation

References

CVE-2015-2156

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2220)

WordPress Plugin WordPress Landing Page-Squeeze Page-Responsive Landing Page Builder Free-WP Lead Plus X Multiple Vulnerabilities (0.98)

WordPress Plugin NextScripts:Social Networks Auto-Poster Unspecified Vulnerability (4.3.2)

Apache Tomcat version older than 6.0.6

WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.5.1)

Severity

High

Classification

CVE-2015-2156 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities