Lucene search
Gentoo FoundationMGASA-2015-0426HistoryNov 04, 2015 - 9:03 p.m.
Updated springframework packages fix security vulnerability
2015-11-0421:03:05
Gentoo Foundation
advisories.mageia.org
13
0.003 Low
EPSS
Percentile
68.2%
Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response (CVE-2015-5211).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 5 | noarch | json-smart | < 1.3-0.20140820.1 | json-smart-1.3-0.20140820.1.mga5 |
| Mageia | 5 | noarch | json-path | < 0.9.1-1 | json-path-0.9.1-1.mga5 |
| Mageia | 5 | noarch | springframework | < 3.2.15-1 | springframework-3.2.15-1.mga5 |
Related
nessus
nessus
Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)
2016-03-04 00:00:00
Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)
2016-03-04 00:00:00
Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)
2016-03-04 00:00:00
osv
osv
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
CVE-2020-5421
2020-09-19 04:15:11
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
fedora
fedora
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
2015-11-01 22:22:42
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
2015-11-01 02:58:09
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
2015-11-01 21:55:23
openvas
openvas
Fedora Update for springframework FEDORA-2015-693035254
2015-11-02 00:00:00
Fedora Update for springframework FEDORA-2015-9295
2015-11-02 00:00:00
Mageia: Security Advisory (MGASA-2015-0426)
2015-11-08 00:00:00
cve
cve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:00
github
github
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
debiancve
debiancve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:00
prion
prion
Input validation
2017-05-25 17:29:00
Design/Logic Flaw
2020-09-19 04:15:00
ubuntucve
ubuntucve
CVE-2015-5211
2017-05-25 00:00:00
CVE-2020-5421
2020-09-19 00:00:00
cvelist
cvelist
CVE-2015-5211
2017-05-25 17:00:00
CVE-2020-5421 RFD Protection Bypass via jsessionid
2020-09-17 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server
2019-07-11 19:25:02
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
2019-03-07 15:30:02
Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)
2023-06-06 05:06:05
redhatcve
redhatcve
CVE-2020-5421
2020-09-21 16:59:07
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:21:06
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00