CVE-2015-2156
https://notcve.org/view.php?id=CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. Netty en versiones anteriores a la 3.9.8.Final, 3.10.x anteriores a la 3.10.3.Final, 4.0.x anteriores a la 4.0.28.Final y 4.1.x anteriores a la 4.1.0.Beta5 y Play Framework 2.x en versiones anteriores a la 2.3.9 podría permitir que atacantes remotos omitan el indicador httpOnly en las cookies y obtengan información sensible aprovechando la validación incorrecta del nombre de la cookie y los caracteres del valor. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html http://www.openwall.com/lists/oss-security/2015/05/17/1 http://www.securityfocus.com/bid/74704 https://bugzilla.redhat.com/show_bug.cgi?id=1222923 https://github.com/netty/netty/pull/3754 https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d • CWE-20: Improper Input Validation •
CVE-2016-4970 – netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
https://notcve.org/view.php?id=CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). handler/ssl/OpenSslEngine.java en Netty 4.0.x en versiones anteriores a 4.0.37.Final y 4.1.x en versiones anteriores a 4.1.1.Final permite a los atacantes remotos provocar una denegación de servicio (bucle infinito). • http://netty.io/news/2016/06/07/4-0-37-Final.html http://netty.io/news/2016/06/07/4-1-1-Final.html http://rhn.redhat.com/errata/RHSA-2017-0179.html http://rhn.redhat.com/errata/RHSA-2017-1097.html http://www.securityfocus.com/bid/96540 https://bugzilla.redhat.com/show_bug.cgi?id=1343616 https://github.com/netty/netty/pull/5364 https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E https://wiki • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •