Lucene search
K

19 matches found

OSV
OSV
added 2021/04/30 5:29 p.m.101 views

GHSA-RV39-3QH7-9V7W Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

6.5CVSS7.6AI score0.10736EPSS
Exploits1References25
Github Security Blog
Github Security Blog
added 2021/04/30 5:29 p.m.62 views

Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

8.7CVSS7.7AI score0.10736EPSS
Exploits1References26Affected Software1
Prion
Prion
added 2020/09/19 4:15 a.m.30 views

Design/Logic Flaw

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

3.6CVSS8.8AI score0.10736EPSS
Exploits2References24Affected Software35
OpenVAS
OpenVAS
added 2019/07/14 12:0 a.m.35 views

Debian: Security Advisory (DLA-1853-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.3AI score0.1005EPSS
Exploits6References3
Debian
Debian
added 2019/07/13 9:20 p.m.244 views

[SECURITY] [DLA 1853-1] libspring-java security update

Package : libspring-java Version : 3.0.6.RELEASE-17+deb8u1 CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 Debian Bug : 760733 769698 796137 849167 Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. CVE-2014-3578 A...

9.6CVSS7AI score0.1005EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2018/10/17 8:29 p.m.6 views

at.chrl:chrl-jms (=1.1.0), at.chrl:chrl-orm-spring-integration (=1.1.0) +594 more potentially affected by CVE-2015-5211 via org.springframework:spring-core (>=4.2.0.RELEASE <=4.2.1.RELEASE)

org.springframework:spring-core MAVEN version =4.2.0.RELEASE, =1.0.0, =4.0.1.Final, =0.15.0, =0.13.2, =0.13.2, =1.0.6, =1.1.0, =1.0.109-RELEASE, =1.0.109-RELEASE, =1.0.109-RELEASE, =1.0.109-RELEASE, =1.0.120-RELEASE and more Source cves: CVE-2015-5211 Source advisory: OSV:GHSA-PGF9-H69P-PCGF...

9.6CVSS6.7AI score0.0257EPSS
Exploits1
OSV
OSV
added 2017/05/25 5:29 p.m.10 views

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6CVSS9.2AI score0.0257EPSS
Exploits1References5
NVD
NVD
added 2017/05/25 5:29 p.m.25 views

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6CVSS7.6AI score0.0257EPSS
Exploits1References3
OSV
OSV
added 2017/05/25 5:29 p.m.5 views

DEBIAN-CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6CVSS6.7AI score0.0257EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/05/25 5:0 p.m.37 views

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

7.6AI score0.0257EPSS
Exploits1References3
CVE
CVE
added 2017/05/25 5:0 p.m.186 views

CVE-2015-5211

CVE-2015-5211 affects Pivotal/Spring Framework where a crafted URL with a batch script extension can trigger a reflected file download, potentially downloading a malicious response. The linked IBM bulletin details exploit scenarios (RFD/open redirect risks) and provides a remediation path urging ...

9.6CVSS7.4AI score0.0257EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2017/05/25 5:0 p.m.25 views

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6CVSS6.9AI score0.0257EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.31 views

Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...

9.6CVSS6.8AI score0.0257EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.35 views

Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...

9.6CVSS6.8AI score0.0257EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.29 views

Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...

9.6CVSS6.8AI score0.0257EPSS
Exploits1References3
Mageia
Mageia
added 2015/11/04 6:3 p.m.48 views

Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

9.6CVSS7.8AI score0.0257EPSS
Exploits1References2
OSV
OSV
added 2015/11/04 6:3 p.m.12 views

MGASA-2015-0426 Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

9.6CVSS9.2AI score0.0257EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/11/02 12:0 a.m.35 views

Fedora Update for springframework FEDORA-2015-693035254

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS8AI score0.0257EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/11/02 12:0 a.m.37 views

Fedora Update for springframework FEDORA-2015-9295

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS8AI score0.0257EPSS
Exploits1References2
Rows per page
Query Builder