Reflected File Download Vulnerability in Spring Framework by Pivotal
CVE-2015-5211

9.6 CRITICAL

Key Information:

Vendor: VMware
CVE Published: 25 May 2017

Summary

The Spring Framework versions 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, and 3.2.0 to 3.2.14 are susceptible to a Reflected File Download (RFD) attack. In specific scenarios, an attacker can construct a malicious URL that causes the browser to download the server's response as a batch script instead of rendering it. The downloaded file contains input reflected in the server's response, so a victim who opens it may be exposed to content chosen by the attacker.

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
