Improper Validation of Cookie Name and Value Characters Vulnerability

CVE-2015-2156 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
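The character check this class of bug calls for, as an added example: it is not Netty's or Play's code and does not reproduce their fix. It assumes the RFC 6265 grammar (cookie-name is a token, cookie-value is a run of cookie-octets, optionally wrapped in one pair of double quotes); the class name, method names and sample pairs are constructed for illustration.

```java
import java.util.Arrays;
import java.util.BitSet;

public final class StrictCookieChars {
    private static final BitSet NAME_OCTETS = new BitSet(128);
    private static final BitSet VALUE_OCTETS = new BitSet(128);

    static {
        // token: visible US-ASCII (0x21-0x7E) minus the HTTP separators
        NAME_OCTETS.set(0x21, 0x7F);
        for (char c : "()<>@,;:\\\"/[]?={}".toCharArray()) NAME_OCTETS.clear(c);
        // cookie-octet: visible US-ASCII minus DQUOTE, comma, semicolon, backslash
        VALUE_OCTETS.set(0x21, 0x7F);
        for (char c : "\",;\\".toCharArray()) VALUE_OCTETS.clear(c);
    }

    static boolean isValidName(String name) {
        return name != null && !name.isEmpty()
                && allIn(name, 0, name.length(), NAME_OCTETS);
    }

    static boolean isValidValue(String value) {
        if (value == null) return false;
        int start = 0, end = value.length();
        // One matching pair of surrounding double quotes is allowed.
        if (end >= 2 && value.charAt(0) == '"' && value.charAt(end - 1) == '"') {
            start = 1;
            end--;
        }
        return allIn(value, start, end, VALUE_OCTETS);
    }

    private static boolean allIn(String s, int from, int to, BitSet allowed) {
        for (int i = from; i < to; i++) {
            // Controls, whitespace and non-ASCII are never in the sets.
            if (!allowed.get(s.charAt(i))) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed name/value pairs, not taken from real traffic.
        String[][] samples = {
            {"SESSIONID", "abc123"}, {"theme", "\"dark\""}, {"bad name", "x"},
            {"id", "a;b"}, {"k=v", "x"}, {"id", "a,b"}, {"id", "\"open"},
        };
        for (String[] s : samples) {
            boolean ok = isValidName(s[0]) && isValidValue(s[1]);
            System.out.println((ok ? "accept " : "reject ") + Arrays.toString(s));
        }
    }
}
```

Only the first two sample pairs are accepted; rejecting the rest at parse and encode time keeps a delimiter inside a name or value from shifting where one cookie ends and the next begins.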
