Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling

Summary Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...

Linux Distros Unpatched Vulnerability : CVE-2015-2156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow...

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to denial of service attacks and remote attack via restrictions bypass. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in ...

ai.databand.azkaban:azkaban-web-server (=3.18.0), at.salzburgresearch.nodekeeper:nodekeeper-java (>=1.0 <=1.2) +2130 more potentially affected by CVE-2015-2156 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.9.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.0, =0.3.1, =1.0, =1.16.0, =1.16.0, =1.0, =0.2.0, =0.1.5, =0.1.5, =0.5.0 and more Source cves: CVE-2015-2156 Source advisory: OSV:GHSA-XFV3-RRFM-F2RV...

at.iem:sysson_2.11 (>=1.14.1 <=1.15.0), at.iem:sysson_2.12 (>=1.14.1 <=1.15.0) +1032 more potentially affected by CVE-2015-2156 via io.netty:netty (>=3.10.0.Final <=3.10.2.Final)

io.netty:netty MAVEN version =3.10.0.Final, =1.14.1, =1.14.1, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.2.2, =3.2.2, =2.5.0-beta.0, =2.5.0-beta.0, =2.5.0-beta.0, =3.5.3, =2.5.0-beta.0, =2.5.0-beta.0, =3.4.0, =3.5.7-jre7.0 and more Source cves: CVE-2015-2156 Source advisory:...

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVE-2015-2156

CVE-2015-2156 concerns Netty (and Play Framework): improper validation of cookie name/value characters can bypass HttpOnly and expose sensitive data. In IBM StreamSets Data Collector context, this vulnerability affects versions 5.0.0–6.4.1 and remediation is to upgrade to IBM StreamSets Data Coll...

Fedora Update for netty FEDORA-2015-8684

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : netty-4.0.28-1.fc21 (2015-8713)

Security fix for CVE-2015-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...