Reflected File Download Vulnerability in Spring Framework by Pivotal
CVE-2015-5211
9.6 CRITICAL
Summary
Spring Framework versions 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, and 3.2.0 to 3.2.14 are susceptible to a Reflected File Download (RFD) attack. In specific scenarios, an attacker can construct a malicious URL that causes the server's response to be downloaded as a batch script instead of being rendered in the browser. The downloaded file includes input reflected in the server's response, potentially compromising user security.
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved