Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-18T15:00:00

Updated: 2024-08-06T05:10:14.283Z

Reserved: 2015-02-28T00:00:00

Link: CVE-2015-2156

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-10-18T15:29:00.173

Modified: 2024-11-21T02:26:53.763

Link: CVE-2015-2156

cve-icon Redhat

Severity : Low

Publid Date: 2015-05-09T00:00:00Z

Links: CVE-2015-2156 - Bugzilla