Source: netty-3.9
Version: 3.9.0.Final-1
Severity: important
Tags: security upstream patch

LinkedIn Security Team discovered a "Cookie" header parsing bug in Netty that could lead to universal bypass of the HttpOnly flag on cookies. If the HttpOnly flag is included in the HTTP Set-Cookie response header, the cookie cannot usually be accessed through client-side script. This bug can, however, be leveraged to leak the cookie's name-value in the DOM, where a malicious script can access the content without any restriction.

CVE-2015-2156 has been assigned for this issue, which has been fixed upstream in release 3.9.8.Final and 3.10.3.Final.

Please mention the CVE ID in the changelog when fixing this issue.

References:
* Security update
  http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
* Issue technical details / PoC
  http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
* Fixing commit
  https://github.com/slandelle/netty/commit/800555417e77029dcf8a31d7de44f27b5a8f79b8

Cheers, Luca

