CVE-2015-2156

Name of the Vulnerable Software and Affected Versions Netty versions 3.9.7 and earlier, 3.10.x prior to 3.10.3.Final, 4.0.x prior to 4.0.28.Final, 4.1.x prior to 4.1.0.Beta5 Play Framework versions 2.x prior to 2.3.9

Description The issue allows remote attackers to bypass the httpOnly flag on cookies, potentially obtaining sensitive information. This is due to improper validation of cookie name and value characters.

Recommendations For Netty versions 3.9.7 and earlier, update to version 3.9.8.Final or later. For Netty versions 3.10.x prior to 3.10.3.Final, update to version 3.10.3.Final or later. For Netty versions 4.0.x prior to 4.0.28.Final, update to version 4.0.28.Final or later. For Netty versions 4.1.x prior to 4.1.0.Beta5, update to version 4.1.0.Beta5 or later. For Play Framework versions 2.x prior to 2.3.9, update to version 2.3.9 or later.