vulnerability
Ubuntu: (CVE-2015-2156): netty vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Oct 18, 2017 | Jun 26, 2025 | Jul 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Oct 18, 2017
Added
Jun 26, 2025
Modified
Jul 28, 2025
Description
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Solution
no-fix-ubuntu-package
References
- CVE-2015-2156
- https://attackerkb.com/topics/CVE-2015-2156
- URL-http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
- URL-http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
- URL-https://github.com/slandelle/netty/commit/800555417e77029dcf8a31d7de44f27b5a8f79b8
- URL-https://www.cve.org/CVERecord?id=CVE-2015-2156
- URL-https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.