vulnerability

Debian: CVE-2015-5211: libspring-java -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	May 25, 2017	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

May 25, 2017

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Solution

debian-upgrade-libspring-java

References

CVE-2015-5211
https://attackerkb.com/topics/CVE-2015-5211
CWE-552
EUVD-EUVD-2018-0652
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-0652

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report