vulnerability

Debian: CVE-2015-5211: libspring-java -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	May 25, 2017	Jul 30, 2024	Jul 30, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

May 25, 2017

Added

Jul 30, 2024

Modified

Jul 30, 2024

Description

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Solution

debian-upgrade-libspring-java

References

CVE-2015-5211
https://attackerkb.com/topics/CVE-2015-5211

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today