U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2015-2156

Change History

Initial Analysis by NIST 11/08/2017 11:56:16 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:netty_project:netty:3.9.7:*:*:*:*:*:*:* (and previous)
     *cpe:2.3:a:netty_project:netty:3.10.0:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:3.10.1:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:3.10.2:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.1:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.2:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.4:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.5:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.6:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.7:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.8:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.9:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.10:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.11:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.12:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.13:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.14:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.15:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.16:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.17:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.18:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.19:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.20:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.21:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.22:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.23:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.24:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.25:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.26:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.0.27:*:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.1.0:beta1:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.1.0:beta2:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.1.0:beta3:*:*:*:*:*:*
     *cpe:2.3:a:netty_project:netty:4.1.0:beta4:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:rc3:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:rc4:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0:rc5:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.2:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.2:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.2:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.3:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.3:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.4:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.4:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.4:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.5:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.5:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.5:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.6:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.7:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.0.8:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.1:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.2:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.2.6:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.0:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.0:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.0:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.1:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.2:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.2:rc1:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.2:rc2:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.3:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.4:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.5:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.6:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.7:*:*:*:*:*:*:*
     *cpe:2.3:a:playframework:play_framework:2.3.8:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added CWE

								
							
							
						
CWE-20
Changed Reference Type
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html No Types Assigned
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html Third Party Advisory
Changed Reference Type
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html No Types Assigned
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html Third Party Advisory
Changed Reference Type
http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html No Types Assigned
http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html Vendor Advisory
Changed Reference Type
http://www.openwall.com/lists/oss-security/2015/05/17/1 No Types Assigned
http://www.openwall.com/lists/oss-security/2015/05/17/1 Mailing List, Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/74704 No Types Assigned
http://www.securityfocus.com/bid/74704 Third Party Advisory, VDB Entry
Changed Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=1222923 No Types Assigned
https://bugzilla.redhat.com/show_bug.cgi?id=1222923 Issue Tracking, Third Party Advisory
Changed Reference Type
https://github.com/netty/netty/pull/3754 No Types Assigned
https://github.com/netty/netty/pull/3754 Third Party Advisory
Changed Reference Type
https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass No Types Assigned
https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass Third Party Advisory