DEBIAN-CVE-2015-2156

DEBIAN-CVE-2015-2156 PUBLISHED CVSS 7.5 HIGH

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	netty	0, 0, 0
Debian:14	netty	0, 0, 0
Debian:11	netty	0, 0, 0
Debian:12	netty	0, 0, 0

Timeline

Oct 18, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-2156 advisory

Open in Interactive Console →