{"api_version":"1","generated_at":"2026-05-13T13:53:48+00:00","cve":"CVE-2015-2156","urls":{"html":"https://cve.report/CVE-2015-2156","api":"https://cve.report/api/cve/CVE-2015-2156.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-2156","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-2156"},"summary":{"title":"CVE-2015-2156","description":"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-10-18 15:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"],"title":"1222923 – (CVE-2015-2156) CVE-2015-2156 netty: HttpOnly cookie bypass","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","name":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E","name":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2015/05/17/1","name":"http://www.openwall.com/lists/oss-security/2015/05/17/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Netty/Play's Security Updates (CVE­-2015­-2156)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/74704","name":"http://www.securityfocus.com/bid/74704","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Netty and Play Framework CVE-2015-2156 Session Hijacking Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E","name":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/netty/netty/pull/3754","name":"https://github.com/netty/netty/pull/3754","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Validate cookie name and value characters by slandelle · Pull Request #3754 · netty/netty · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E","name":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 22 Update: netty-4.0.28-1.fc22","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 21 Update: netty-4.0.28-1.fc21","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html","name":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Netty.news: Netty 3.9.8.Final and 3.10.3.Final released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass","name":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Play Framework Security Advisory","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E","name":"MLIST:[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E","name":"MLIST:[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","name":"MLIST:[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E","name":"MLIST:[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-2156","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2156","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.2","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.2","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.3","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.3","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.4","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.4","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.5","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.5","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.1.1","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.2","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.2","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lightbend","cpe5":"play_framework","cpe6":"2.3.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"3.10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"3.10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"3.10.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.26","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.1.0","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.1.0","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.1.0","cpe7":"beta3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"4.1.0","cpe7":"beta4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"3.9.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netty","cpe5":"netty","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.0","cpe7":"beta","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.1","cpe7":"2.9.x-backport","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.1","cpe7":"rc1-2.9.x-backport","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.1","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.2","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.2","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.3","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.3","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.4","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.4","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.1.6","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"m1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"m2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"m3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.1","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.2","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.2","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.2","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.2","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.3","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.3","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"playframework","cpe5":"play_framework","cpe6":"2.3","cpe7":"m1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2015-2156","qid":"980761","title":"Java (maven) Security Update for io.netty:netty-handler (GHSA-xfv3-rrfm-f2rv)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T05:10:14.283Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"},{"name":"FEDORA-2015-8713","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/netty/netty/pull/3754"},{"name":"FEDORA-2015-8684","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"},{"name":"74704","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/74704"},{"name":"[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/05/17/1"},{"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-05-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-11-16T01:07:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"},{"tags":["x_refsource_MISC"],"url":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"},{"name":"FEDORA-2015-8713","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/netty/netty/pull/3754"},{"name":"FEDORA-2015-8684","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"},{"name":"74704","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/74704"},{"name":"[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2015/05/17/1"},{"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-2156","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html","refsource":"CONFIRM","url":"http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html"},{"name":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass","refsource":"MISC","url":"https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass"},{"name":"FEDORA-2015-8713","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222923"},{"name":"https://github.com/netty/netty/pull/3754","refsource":"CONFIRM","url":"https://github.com/netty/netty/pull/3754"},{"name":"FEDORA-2015-8684","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html"},{"name":"74704","refsource":"BID","url":"http://www.securityfocus.com/bid/74704"},{"name":"[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2015/05/17/1"},{"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"},{"name":"[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/a19bb1003b0d6cd22475ba83c019b4fc7facfef2a9e13f71132529d3@%3Ccommits.cassandra.apache.org%3E"},{"name":"[cassandra-commits] 20191114 [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/dc1275aef115bda172851a231c76c0932d973f9ffd8bc375c4aba769@%3Ccommits.cassandra.apache.org%3E"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","refsource":"MLIST","url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-2156","datePublished":"2017-10-18T15:00:00.000Z","dateReserved":"2015-02-28T00:00:00.000Z","dateUpdated":"2024-08-06T05:10:14.283Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-10-18 15:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9.7","matchCriteriaId":"AE9BE4D2-0AF8-4825-9108-52EF8BD6C7B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*","matchCriteriaId":"66A094D1-826C-4DCF-BF8F-0AA0F8A5CC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*","matchCriteriaId":"3F5609AE-1F05-4EDC-844F-E357BE1E02B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*","matchCriteriaId":"39F54228-AE67-4A7E-9C2F-99D3754CC8CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"069A7F48-DDF9-4C29-829F-63480AC8252A"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1657CCDD-547C-462F-84A6-5C7897A0DE3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"48DEF144-095B-4A16-B1A0-540FFCB0571D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"34811757-A83B-4177-B256-17C75669CB4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"2F0B1676-F16F-49CB-A1D2-961236B29FB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"9D5B2C70-1CA5-4285-B85A-C01A1F0D256F"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"4223B041-EA1F-4EF5-9C56-93B47426D634"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3CC66E4C-0291-4F01-B6FF-1E6ABFFE3DD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"3FF070FD-09A2-453C-ABB0-57806785AC0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"2DB8331D-6E3B-419A-A5D1-7FCA56B01D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"A78B72B6-389E-4EE4-86D4-9C8499BAF7CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*","matchCriteriaId":"79C9F0BF-82E7-4E8D-81E0-8BE38AC892FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*","matchCriteriaId":"638159B5-DCB2-48F2-B98C-D02AA4B55567"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*","matchCriteriaId":"8DD72B11-80BE-4EE8-8350-E84A4DE19A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*","matchCriteriaId":"938E8F20-809C-41CF-90B3-16C4FA22BE7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*","matchCriteriaId":"7ECC0699-8544-4D5E-ACF9-C09A5EF7C6A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*","matchCriteriaId":"3947E2CD-9E5C-4D8F-970E-9AFCEBB9BEA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*","matchCriteriaId":"D14F96ED-9B74-446A-BDAA-37DA46BF1C52"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*","matchCriteriaId":"490A338C-50BB-4292-B3E3-EBCB4D2A89F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*","matchCriteriaId":"6F11CDD4-F2C1-4019-AF12-F2F31A5A36AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*","matchCriteriaId":"8F172E1C-0264-4241-988D-7EB38188E029"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*","matchCriteriaId":"07F517E7-0C8B-4562-ABF7-F2B5B1BA682E"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*","matchCriteriaId":"C776C471-B66F-4349-B7E9-D59012B53BC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*","matchCriteriaId":"D4D796E9-9D65-4E1B-91DA-5CBC829A4516"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*","matchCriteriaId":"F64F7398-0C92-459B-809D-7BA543AEF058"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*","matchCriteriaId":"316B7A3D-69B4-4F9B-80A6-AB9858E01743"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*","matchCriteriaId":"C9B6111A-96A4-4E6F-B6C4-D0B85DD2CFAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*","matchCriteriaId":"CAF6D60E-C9FD-4A73-ACB8-06500ADD8486"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*","matchCriteriaId":"8E71050A-DFA2-41E5-9544-5DFF5453B4EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*","matchCriteriaId":"0CE17333-AA06-4AD0-AFE0-B240BD22597C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*","matchCriteriaId":"62D878A0-678F-4D36-89B6-D9957EF8FC16"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*","matchCriteriaId":"11F45B0B-5D3E-48ED-A969-1EB8E9258A7D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*","matchCriteriaId":"9CBDD885-76D8-4A44-839F-7161A319CD21"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*","matchCriteriaId":"CCCCBA8E-471B-4EE7-99D1-FCF228F396E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*","matchCriteriaId":"95760FF9-A33C-4794-9585-79F29FF8218D"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"49CEACD0-279B-418D-8679-22D6CD18CCC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*","matchCriteriaId":"B8DFEB1B-2BC6-4A81-9D97-232D6BB51BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*","matchCriteriaId":"4366138D-B4BC-450B-A52E-EA46CC9A2F5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3E48B60E-F85B-4DC6-806A-94D424D4E7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*","matchCriteriaId":"F3F1ADCB-FDE4-4C43-BFEB-EA81524C1D56"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*","matchCriteriaId":"7136FA34-EF5E-4F7B-8E78-85EA9B018758"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"E350767E-C5CD-4B3E-B70C-0D166B66F64E"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*","matchCriteriaId":"80DC4D2F-CCEE-4227-A76F-F9B339E298C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*","matchCriteriaId":"C4555E3D-B28A-4D7F-8322-8C93E055A41F"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"4A2EFEFB-CC1C-4453-9CAC-D37063E1D851"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*","matchCriteriaId":"A202AEE2-B1B7-49BD-BA91-98A71E7FA5B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*","matchCriteriaId":"36E51880-F5E5-47D6-BA90-B4C6E8ADE962"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"A3C80F35-3B8E-4F7D-9C6B-21585F2516E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"8763EA91-CF68-4142-9F0F-F16AA9CF0011"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"1535A9FA-42C2-40B6-96E6-CDBCE6F54076"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"3C5F034A-E343-4285-A7EB-FC60F12F73AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6F351418-832C-4994-B3BF-B0F0152EE810"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*","matchCriteriaId":"F03EAA0F-848C-4FCF-927E-DAFAFFA7641C"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"932C1D92-71AC-4520-A296-503BF0764E94"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F36EA7C0-669E-4D87-9E9C-FA3CEE565EEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"80ED9605-6D97-4DB2-96A2-C5F0BD6DDF2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"3E3107A2-7BA5-4490-98C4-A4FC127C07CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3287C930-7E89-4FE9-9570-7D05A8727AAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*","matchCriteriaId":"475F2D6C-A82A-4607-AEEA-EB16DC7F3EEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*","matchCriteriaId":"81BCC634-6424-4D53-AE78-F00782F290DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"EA9A457C-DA32-4094-9EF7-5DCBA4904CF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"95DE19B0-FDFD-4556-96F4-6D9470904F75"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*","matchCriteriaId":"89244DD5-3EA1-471F-B678-A6921D17A804"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*","matchCriteriaId":"96B59DC4-58BB-424C-BEFD-DF7E43E39C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEFD24F-A241-44A7-9C2D-128F5C5F69BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D286954C-BD26-4433-84D3-D0F37B61BB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*","matchCriteriaId":"EA2718B3-AE02-4C76-A17F-22B72016681A"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*","matchCriteriaId":"6F869944-14A6-4C7A-A096-7ABB0740B7B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*","matchCriteriaId":"05A936F4-7FC3-45CD-AEBB-5DF105A5D698"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*","matchCriteriaId":"E6EDA101-F379-4CE9-83FA-1F85A501EA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*","matchCriteriaId":"6DB9E2FF-60E9-4AF7-8893-688FD90C20BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*","matchCriteriaId":"52FEDFA6-7774-4946-86D7-5A2E9E727D01"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"22061490-43D6-4793-A150-6159A979F586"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"2D4E1C16-BE0D-4E09-9E44-FE85A9D04568"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"856EF408-705A-48B9-B806-2AA5EE52984E"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*","matchCriteriaId":"E2E88D11-966D-4273-AE80-A8ADD93F7E33"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*","matchCriteriaId":"67A73F1E-3203-4EDE-A5FF-8225CCAEC652"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*","matchCriteriaId":"23F4DA74-514C-433E-BE4F-756002431D2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"344B07EE-75F3-4794-8AFB-C68E26AECBC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*","matchCriteriaId":"CCCB3504-8E6E-4825-A45B-EE1D5DBED376"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*","matchCriteriaId":"085836CB-4832-4CBF-B2BB-E606C0F5261A"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"021F9BAB-1DAD-49EE-8F37-1E4155F8C32E"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*","matchCriteriaId":"81FFB9E4-0CDB-4F9F-AAFC-5BAE1A2B7E5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*","matchCriteriaId":"EC833EB6-FEE5-4A65-96E1-02E781D11354"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FE38FB18-831C-4260-A70E-85FFB4048A90"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*","matchCriteriaId":"28889691-9C50-4E80-8893-F4A04176D881"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*","matchCriteriaId":"87AE18E4-42C2-4827-807D-E9FAA6AA6685"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"2A97A5A4-8D69-4514-9FF2-C7D7D2FF3FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"ADB3F1A0-13DE-40F0-A368-D7967706054F"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"04CE71EA-2251-4860-8343-68E89FB00507"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*","matchCriteriaId":"290E178F-F7F3-42B3-8B0F-B596F556646A"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*","matchCriteriaId":"882AB7C8-2823-4FA7-95A7-D116421A055E"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*","matchCriteriaId":"C57FF361-2274-4F9A-AD5A-BB0626BF7D68"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F6C36CCE-6B7B-4346-81B2-40ACE8F2EE63"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"947EF76E-2155-4191-AD7E-26A34B733B6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*","matchCriteriaId":"36149A37-5BF7-41EC-AD65-34F5DAFFC64B"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*","matchCriteriaId":"407B15E5-5355-4AE0-98E1-26B7C60D77A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*","matchCriteriaId":"28A72C43-6033-4E99-BF41-513E4C69E2D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*","matchCriteriaId":"2E54E70F-8F06-4558-B725-045B379D6279"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*","matchCriteriaId":"A8061B89-3B8D-4D38-9DA8-A52EC97CF966"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"D664F3EF-B07F-47BC-A9CF-6CD22CF73D98"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*","matchCriteriaId":"878003F7-7BE7-473A-B0B7-1C26A9A02D89"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*","matchCriteriaId":"A2114F67-E72F-4559-8921-7567F0985ED0"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"C991464B-52D4-4F70-91CE-E5FFDFCC6DD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"2EDCCE92-D85D-453B-B13B-52FC888F340A"},{"vulnerable":true,"criteria":"cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*","matchCriteriaId":"8CEE3098-76E1-4734-9292-09EE7FB13044"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"2156","Ordinal":"1","Title":"CVE-2015-2156","CVE":"CVE-2015-2156","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"2156","Ordinal":"1","NoteData":"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.","Type":"Description","Title":"CVE-2015-2156"},{"CveYear":"2015","CveId":"2156","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"2156","Ordinal":"3","NoteData":"2019-11-15","Type":"Other","Title":"Modified"}]}}}