HomeNettyCVE-2015-2156

CVE-2015-2156

HIGH
7.5CVSS
Published: 2017-10-18
Updated: 2025-04-20
AI Analysis

Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

CVSS Metrics

Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
network
Complexity
low
Privileges
none
User Action
none
Scope
unchanged
Confidentiality
high
Integrity
none
Availability
none
Weaknesses
CWE-20

Metadata

Primary Vendor
NETTY
Published
10/18/2017
Last Modified
4/20/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

netty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettynetty : nettylightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworklightbend : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_frameworkplayframework : play_framework

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2015-2156 | HIGH Severity | CVEDatabase.com | CVEDatabase.com