Lucene search
K

135 matches found

OSV
OSV
added 2019/11/05 3:15 p.m.25 views

CVE-2019-17598

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

7.5CVSS6.6AI score0.00698EPSS
Exploits0References2
Prion
Prion
added 2019/11/05 3:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

4.3CVSS7.3AI score0.00698EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/05 2:53 p.m.88 views

CVE-2019-17598

CVE-2019-17598 affects Lightbend Play Framework (2.5.x–2.6.23) and its play-ws component. When configured to proxy requests through an authenticated HTTP proxy, under high load, HTTPS connections to a target host may reveal proxy credentials to that host. Impact is information disclosure; details...

7.5CVSS7.3AI score0.00698EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/05 2:53 p.m.40 views

CVE-2019-17598

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

7.3AI score0.00698EPSS
Exploits0References2
Prion
Prion
added 2018/07/17 12:29 p.m.21 views

Directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

5CVSS7.5AI score0.03418EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/07/17 12:29 p.m.18 views

CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5CVSS7AI score0.03418EPSS
Exploits0References1
NVD
NVD
added 2018/07/17 12:29 p.m.23 views

CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5CVSS7.5AI score0.03418EPSS
Exploits0References1
CVE
CVE
added 2018/07/17 12:0 p.m.58 views

CVE-2018-13864

CVE-2018-13864: A directory traversal vulnerability affects Play Framework 2.6.12–2.6.15 (Windows). The Assets controller could be abused to download arbitrary files from the server via crafted HTTP requests. The issue is fixed in 2.6.16; upgrade to 2.6.16+ to remediate. No exploitation details a...

7.5CVSS7.5AI score0.03418EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/17 12:0 p.m.22 views

CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5AI score0.03418EPSS
Exploits0References1
Veracode
Veracode
added 2018/01/30 1:25 a.m.6 views

Information Disclosure

Play Framework filter-helper is vulnerable to information disclosure. Attackers can overwrite the Vary header when the CORS filter is used to match again a specific set of origins. This may expose sensitive information and make the application vulnerable to cache poisoning...

6.1AI score
Exploits0
CNVD
CNVD
added 2018/01/04 12:0 a.m.6 views

Play XML External Entity Injection Vulnerability

Play is a set of open source Java Web application framework. The framework is scalable , low resource consumption and so on. An XML external entity injection vulnerability exists in the Java XML functionality in Play versions prior to 2.2.6 and 2.3.x versions prior to 2.3.5. A remote attacker can...

9.8CVSS7.2AI score0.02869EPSS
Exploits0References1
Prion
Prion
added 2017/12/29 10:29 p.m.24 views

Xxe

XML external entity XXE vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...

7.5CVSS8AI score0.02869EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/10/18 3:29 p.m.7 views

UBUNTU-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.2AI score0.05434EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/10/18 3:29 p.m.24 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.2AI score0.05434EPSS
Exploits0References5
NVD
NVD
added 2017/10/18 3:29 p.m.25 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.7AI score0.05434EPSS
Exploits0References12
Prion
Prion
added 2017/10/18 3:29 p.m.23 views

Input validation

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

4.3CVSS6.7AI score0.05434EPSS
Exploits0References12Affected Software2
OSV
OSV
added 2017/10/18 3:29 p.m.5 views

DEBIAN-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.9AI score0.05434EPSS
Exploits0References1
CVE
CVE
added 2017/10/18 3:0 p.m.125 views

CVE-2015-2156

CVE-2015-2156 concerns Netty (and Play Framework): improper validation of cookie name/value characters can bypass HttpOnly and expose sensitive data. In IBM StreamSets Data Collector context, this vulnerability affects versions 5.0.0–6.4.1 and remediation is to upgrade to IBM StreamSets Data Coll...

7.5CVSS7.3AI score0.05434EPSS
Exploits0References12Affected Software1
Debian CVE
Debian CVE
added 2017/10/18 3:0 p.m.29 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.6AI score0.05434EPSS
Exploits0
Cvelist
Cvelist
added 2017/10/18 3:0 p.m.25 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5AI score0.05434EPSS
Exploits0References12
Rows per page
Query Builder