ubuntu · CVE-2015-2156

Quick triage

Priority: medium Published: 2017-10-18 15:29:00 UTC Updated: 2025-08-26 11:52:37 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-2156 medium priority: Ubuntu including 3 source packages (netty, netty-3.9, netty3.1), 75 status rows across 25 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, vivid, wily, xenial, yakkety, zesty): DNE 38, not-affected 19, ignored 13, needed 2, released 2, needs-triage 1.

Description:

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

cvelogic Threat Intelligence