1 matches found
Reflected File Download (RFD) Attack
spring-web is vulnerable to Reflected File Download RFD attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter...