Netty and Play Framework CVE-2015-2156 Session Hijacking Vulnerability

Bugtraq ID: 74704
Class: Input Validation Error
CVE: CVE-2015-2156
Remote: Yes
Local: No
Published: May 09 2015 12:00AM
Updated: May 09 2015 12:00AM
Credit: Roman Shafigullin, Luca Carettoni and Mukul Khullar from LinkedIn
Vulnerable: Play Framework Play Framework 2.3.8
Play Framework Play Framework 2.3.7
Play Framework Play Framework 2.3.6
Play Framework Play Framework 2.3.5
Play Framework Play Framework 2.3.4
Play Framework Play Framework 2.3.3
Play Framework Play Framework 2.3.2
Play Framework Play Framework 2.3.1
Play Framework Play Framework 2.3
Play Framework Play Framework 2.1.4
Play Framework Play Framework 2.1.3
Play Framework Play Framework 2.1.2
Play Framework Play Framework 2.1.1
Play Framework Play Framework 2.1.0
Play Framework Play Framework 2.0.7
Play Framework Play Framework 2.0.6
Play Framework Play Framework 2.0.5
Play Framework Play Framework 2.0.4
Play Framework Play Framework 2.0.3
Play Framework Play Framework 2.0.2
Play Framework Play Framework 2.0.1
Play Framework Play Framework 2.0
Netty Project Netty 4.0.27
Netty Project Netty 4.0.18
Netty Project Netty 4.0.17
Netty Project Netty 3.10.2
Netty Project Netty 3.10.1
Netty Project Netty 3.10
Netty Project Netty 3.9.7
Netty Project Netty 3.9
Netty Project Netty 4.0.9
Netty Project Netty 4.0.8
Netty Project Netty 4.0.7
Netty Project Netty 4.0.6
Netty Project Netty 4.0.5
Netty Project Netty 4.0.4
Netty Project Netty 4.0.3
Netty Project Netty 4.0.2
Netty Project Netty 4.0.16
Netty Project Netty 4.0.15
Netty Project Netty 4.0.14
Netty Project Netty 4.0.13
Netty Project Netty 4.0.12
Netty Project Netty 4.0.11
Netty Project Netty 4.0.10
Netty Project Netty 4.0.1
Netty Project Netty 4.0.0
Netty Project Netty 3.9.2
Netty Project Netty 3.9.1
Not Vulnerable: Play Framework Play Framework 2.3.9
Netty Project Netty 4.1.0.Beta5
Netty Project Netty 4.0.28.Final
Netty Project Netty 3.9.8.Final
Netty Project Netty 3.10.3.Final


 

Privacy Statement
Copyright 2010, SecurityFocus