← voltar
CVE-2015-2156

CVE-2015-2156

EPSS 5.4%
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.htmlhttp://netty.io/news/2015/05/08/3-9-8-Final-and-3.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1222923https://github.com/netty/netty/pull/3754https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3Ehttps://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3Ehttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3Ehttps://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypasshttp://www.openwall.com/lists/oss-security/2015/05/17/1http://www.securityfocus.com/bid/74704