Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

CVSS v3:

  • Severity: Critical
  • Score: 9.6
  • AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
vmware / spring_framework 3.2.2 3.2.2.x
vmware / spring_framework 3.2.1 3.2.1.x
vmware / spring_framework 3.2.8 3.2.8.x
vmware / spring_framework 3.2.7 3.2.7.x
vmware / spring_framework 3.2.10 3.2.10.x
vmware / spring_framework 3.2.9 3.2.9.x
vmware / spring_framework 3.2.4 3.2.4.x
vmware / spring_framework 3.2.3 3.2.3.x
vmware / spring_framework 3.2.6 3.2.6.x
vmware / spring_framework 3.2.5 3.2.5.x
vmware / spring_framework 4.0.5 4.0.5.x
vmware / spring_framework 4.0.7 4.0.7.x
vmware / spring_framework 4.0.6 4.0.6.x
vmware / spring_framework 3.2.12 3.2.12.x
vmware / spring_framework 3.2.11 3.2.11.x
vmware / spring_framework 3.2.13 3.2.13.x
vmware / spring_framework 4.0.9 4.0.9.x
vmware / spring_framework 4.0.8 4.0.8.x
vmware / spring_framework 4.0.3 4.0.3.x
vmware / spring_framework 4.0.2 4.0.2.x
vmware / spring_framework 4.0.4 4.0.4.x
vmware / spring_framework 4.0.1 4.0.1.x
vmware / spring_framework 3.2.14 3.2.14.x
vmware / spring_framework 4.1.6 4.1.6.x
vmware / spring_framework 4.1.5 4.1.5.x
vmware / spring_framework 4.1.7 4.1.7.x
vmware / spring_framework 4.2.1 4.2.1.x
vmware / spring_framework 4.1.1 4.1.1.x
vmware / spring_framework 4.1.2 4.1.2.x
vmware / spring_framework 4.1.3 4.1.3.x
vmware / spring_framework 4.1.4 4.1.4.x
vmware / spring_framework 3.2.0 3.2.0.x
vmware / spring_framework 4.0.0 4.0.0.x
vmware / spring_framework 4.1.0 4.1.0.x
vmware / spring_framework 4.2.0 4.2.0.x
debian / debian_linux 8.0 8.0.x
org.springframework / spring-core 4.2.0 4.2.2
org.springframework / spring-core 4.0.0 4.1.8
org.springframework / spring-core - 3.2.15