QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5211

Published: May 25, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/

x_refsource_MISC

https://pivotal.io/security/cve-2015-5211

x_refsource_CONFIRM

[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.