ID OPENVAS:1361412562310869409 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'netty' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for netty FEDORA-2015-8713
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration branch: taken when the scanner loads the plugin to collect its
# metadata. The closing exit(0) keeps the check logic further down from running
# in that mode.
if(description)
{
  # Identity of the check.
  script_oid("1.3.6.1.4.1.25623.1.0.869409");
  script_version("$Revision: 14223 $");
  script_name("Fedora Update for netty FEDORA-2015-8713");
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");

  # Advisory references: the CVE addressed by the update, the Fedora advisory
  # id, and the package-announce mail.
  script_cve_id("CVE-2015-2156");
  script_xref(name:"FEDORA", value:"2015-8713");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html");

  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2015-06-09 10:54:00 +0200 (Tue, 09 Jun 2015)");

  # Severity is recorded as a CVSS v2 base score and vector only. The NVD
  # entry for CVE-2015-2156 also lists a CVSS v3.0 base score of 7.5 (HIGH),
  # so prioritising on the 4.3 alone may understate the finding.
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");

  # qod_type "package": the verdict comes from the installed package version,
  # not from probing a running netty service.
  script_tag(name:"qod_type", value:"package");

  # The summary value spans two source lines; the line break is part of the
  # string, so the continuation stays at column 0.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'netty'
package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"netty on Fedora 21");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  # Scheduling: an information-gathering check that depends on
  # gather-package-list.nasl and is gated on the three KB keys below
  # (presumably populated by that dependency after an authenticated SSH
  # login - confirm against gather-package-list.nasl). Without working
  # credentials the check does not run, which is not the same as "patched".
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC21");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Release string for the target as provided by pkg-lib-rpm.inc; with no
# release information there is nothing to compare against, so stop quietly.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

# Only Fedora 21 is in scope for this advisory.
if(release == "FC21")
{
  # Compare the installed 'netty' RPM with the fixed build 4.0.28-1.fc21
  # ('~' separates name, version and release in the reference string).
  # NOTE(review): presumably isrpmvuln() returns report text when the
  # installed build is older and NULL otherwise - confirm in pkg-lib-rpm.inc.
  res = isrpmvuln(pkg:"netty", rpm:"netty~4.0.28~1.fc21", rls:"FC21");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # NOTE(review): __pkg_match is not set in this file; it looks like the
  # package library flags that the package was found, in which case exit(99)
  # reports the host as not affected rather than as "no result".
  if(__pkg_match)
    exit(99);

  # Coverage caveat: only the RPM named "netty" is examined. Netty copies
  # bundled inside application archives, and the Play Framework versions also
  # named in CVE-2015-2156, are outside what this check can see.
  exit(0);
}
{"id": "OPENVAS:1361412562310869409", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for netty FEDORA-2015-8713", "description": "The remote host is missing an update for the ", "published": "2015-06-09T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869409", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html", "2015-8713"], "cvelist": ["CVE-2015-2156"], "lastseen": "2019-05-29T18:36:21", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2156", "CVE-2015-8713"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869586"]}, {"type": "nessus", "idList": ["FEDORA_2015-8684.NASL", "FEDORA_2015-8713.NASL"]}, {"type": "github", "idList": ["GHSA-XFV3-RRFM-F2RV"]}, {"type": "fedora", "idList": ["FEDORA:4ACD9625CD90", "FEDORA:D5CC9605229D"]}], "modified": "2019-05-29T18:36:21", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:36:21", "rev": 2}, "vulnersScore": 5.7}, "pluginID": "1361412562310869409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for netty FEDORA-2015-8713\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:54:00 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-2156\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for netty FEDORA-2015-8713\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"netty on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8713\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"netty\", rpm:\"netty~4.0.28~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:21:22", "description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.", "edition": 10, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-18T15:29:00", "title": "CVE-2015-2156", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2156"], "modified": "2019-11-25T16:25:00", "cpe": ["cpe:/a:lightbend:play_framework:2.0.6", "cpe:/a:netty:netty:4.0.11", "cpe:/a:lightbend:play_framework:2.0.2", "cpe:/a:netty:netty:4.0.17", "cpe:/a:netty:netty:4.0.21", "cpe:/a:lightbend:play_framework:2.3.1", "cpe:/a:netty:netty:4.0.22", "cpe:/a:playframework:play_framework:2.1.3", "cpe:/a:lightbend:play_framework:2.3.7", "cpe:/a:netty:netty:4.0.9", "cpe:/a:netty:netty:4.0.7", "cpe:/a:playframework:play_framework:2.3", "cpe:/a:lightbend:play_framework:2.0.5", "cpe:/a:netty:netty:4.0.19", 
"cpe:/a:netty:netty:4.0.1", "cpe:/a:netty:netty:4.0.16", "cpe:/a:netty:netty:4.0.26", "cpe:/a:lightbend:play_framework:2.3.4", "cpe:/a:lightbend:play_framework:2.0", "cpe:/a:netty:netty:4.0.13", "cpe:/a:lightbend:play_framework:2.3.3", "cpe:/a:playframework:play_framework:2.2.2", "cpe:/a:netty:netty:4.0.20", "cpe:/a:lightbend:play_framework:2.2.1", "cpe:/a:netty:netty:4.0.15", "cpe:/a:netty:netty:4.0.4", "cpe:/a:netty:netty:4.0.25", "cpe:/a:lightbend:play_framework:2.2.6", "cpe:/a:netty:netty:4.0.12", "cpe:/a:netty:netty:3.9.7", "cpe:/a:lightbend:play_framework:2.2.2", "cpe:/a:netty:netty:3.10.0", "cpe:/a:netty:netty:4.0.6", "cpe:/a:lightbend:play_framework:2.1.0", "cpe:/a:netty:netty:4.0.3", "cpe:/a:lightbend:play_framework:2.3.8", "cpe:/a:netty:netty:4.0.2", "cpe:/a:netty:netty:4.0.8", "cpe:/a:netty:netty:4.0.27", "cpe:/a:lightbend:play_framework:2.3.0", "cpe:/a:lightbend:play_framework:2.0.4", "cpe:/a:lightbend:play_framework:2.0.3", "cpe:/a:netty:netty:4.0.5", "cpe:/a:playframework:play_framework:2.1.4", "cpe:/a:playframework:play_framework:2.0.1", "cpe:/a:netty:netty:3.10.1", "cpe:/a:playframework:play_framework:2.1.5", "cpe:/a:playframework:play_framework:2.2.0", "cpe:/a:netty:netty:4.0.18", "cpe:/a:netty:netty:3.10.2", "cpe:/a:netty:netty:4.0.23", "cpe:/a:lightbend:play_framework:2.0.8", "cpe:/a:playframework:play_framework:2.2.1", "cpe:/a:playframework:play_framework:2.0", "cpe:/a:lightbend:play_framework:2.1.1", "cpe:/a:netty:netty:4.0.14", "cpe:/a:playframework:play_framework:2.1.2", "cpe:/a:lightbend:play_framework:2.3.5", "cpe:/a:playframework:play_framework:2.1.1", "cpe:/a:playframework:play_framework:2.2.4", "cpe:/a:playframework:play_framework:2.2.5", "cpe:/a:netty:netty:4.0.10", "cpe:/a:netty:netty:4.1.0", "cpe:/a:netty:netty:4.0.0", "cpe:/a:playframework:play_framework:2.2.3", "cpe:/a:lightbend:play_framework:2.2.0", "cpe:/a:lightbend:play_framework:2.0.7", "cpe:/a:playframework:play_framework:2.1.6", "cpe:/a:netty:netty:4.0.24", 
"cpe:/a:lightbend:play_framework:2.3.6", "cpe:/a:lightbend:play_framework:2.3.2"], "id": "CVE-2015-2156", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2156", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:lightbend:play_framework:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.0:m1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.0:beta:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.1.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:netty:netty:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.4:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:playframework:play_framework:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.1:2.9.x-backport:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.3:m1:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:3.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.0:m3:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.0:m2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.1:rc1-2.9.x-backport:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.5:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:netty:netty:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:lightbend:play_framework:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:playframework:play_framework:2.1.6:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2156"], "description": "Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application will suffer from a maintainability or a performance issue. Netty has been designed carefully with the experiences earned from the implementation of a lot of protocols such as FTP, SMTP, HTTP, and various binary and text-based legacy protocols. As a result, Netty has succeeded to find a way to achieve ease of development, performance, stability, and flexibility without a compromise. ", "modified": "2015-05-30T15:39:53", "published": "2015-05-30T15:39:53", "id": "FEDORA:4ACD9625CD90", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: netty-4.0.28-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2156"], "description": "Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 
'Quick and easy' doesn't mean that a resulting application will suffer from a maintainability or a performance issue. Netty has been designed carefully with the experiences earned from the implementation of a lot of protocols such as FTP, SMTP, HTTP, and various binary and text-based legacy protocols. As a result, Netty has succeeded to find a way to achieve ease of development, performance, stability, and flexibility without a compromise. ", "modified": "2015-06-04T20:12:38", "published": "2015-06-04T20:12:38", "id": "FEDORA:D5CC9605229D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: netty-4.0.28-1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:13:49", "description": "Security fix for CVE-2015-2156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-06-02T00:00:00", "title": "Fedora 22 : netty-4.0.28-1.fc22 (2015-8684)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2156"], "modified": "2015-06-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:netty", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-8684.NASL", "href": "https://www.tenable.com/plugins/nessus/83930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8684.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83930);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2156\");\n 
script_xref(name:\"FEDORA\", value:\"2015-8684\");\n\n script_name(english:\"Fedora 22 : netty-4.0.28-1.fc22 (2015-8684)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-2156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6a2715a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected netty package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", 
\"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"netty-4.0.28-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netty\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:13:49", "description": "Security fix for CVE-2015-2156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-06-05T00:00:00", "title": "Fedora 21 : netty-4.0.28-1.fc21 (2015-8713)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2156"], "modified": "2015-06-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:netty"], "id": "FEDORA_2015-8713.NASL", "href": "https://www.tenable.com/plugins/nessus/83996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8713.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83996);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2156\");\n script_xref(name:\"FEDORA\", value:\"2015-8713\");\n\n script_name(english:\"Fedora 21 : netty-4.0.28-1.fc21 (2015-8713)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-2156\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222923\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e61582d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected netty package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"netty-4.0.28-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netty\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869586", "type": "openvas", "title": "Fedora Update for netty FEDORA-2015-8684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for netty FEDORA-2015-8684\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869586\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:25:51 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-2156\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for netty FEDORA-2015-8684\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"netty on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8684\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"netty\", rpm:\"netty~4.0.28~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2020-07-01T00:46:11", "bulletinFamily": "software", "cvelist": ["CVE-2015-2156"], "description": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.", "edition": 1, "modified": "2020-06-30T21:01:21", "published": "2020-06-30T21:01:21", "id": "GHSA-XFV3-RRFM-F2RV", "href": "https://github.com/advisories/GHSA-xfv3-rrfm-f2rv", "title": "Information Exposure in Netty", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}