Play Framework 1 Session Hijack Vulnerability

James Roper

Jan 7, 2016, 9:31:11 PM
to play-framew...@googlegroups.com
A security vulnerability has been found in Play Framework versions 1.0 through 1.4.0, excluding 1.2.7.x.  It affects any applications that use the session as part of 500 error handling.

This vulnerability has been fixed in Play 1.4.1, 1.3.2, 1.2.6.2 and 1.2.5.6.  1.2.7.2 is not impacted by this vulnerability.

The Play team recommends that all Play 1 users upgrade to a fixed version immediately.

For details on this vulnerability, including the workarounds, please see the vulnerability advisory on the Play website:

https://www.playframework.com/security/vulnerability/20151230-SessionHijack

Regards,

--
James Roper
Software Engineer

Typesafe – Build reactive apps!
Twitter: @jroper