In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products: 63
References: 88

| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| vmware | spring_framework | 5.0.0 - 5.0.16 | - |
| vmware | spring_framework | 5.1.0 - 5.1.13 | - |
| vmware | spring_framework | 5.2.0 - 5.2.3 | - |
| oracle | application_testing_suite | - | - |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | - | - |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_diameter_signaling_router | 8.0.0 - 8.2.2 | - |
| oracle | communications_element_manager | - | - |
| oracle | communications_element_manager | - | - |
| oracle | communications_element_manager | - | - |
| oracle | communications_policy_management | - | - |
| oracle | communications_session_report_manager | - | - |
| oracle | communications_session_report_manager | - | - |
| oracle | communications_session_report_manager | - | - |
| oracle | communications_session_route_manager | - | - |
| oracle | communications_session_route_manager | - | - |
| oracle | communications_session_route_manager | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | financial_services_regulatory_reporting_with_agilereporter | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | healthcare_master_person_index | - | - |
| oracle | insurance_calculation_engine | 11.0.0 - 11.3.1 | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | mysql | 4.0.0 - 4.0.12 | - |
| oracle | mysql | 8.0.0 - 8.0.20 | - |
| oracle | rapid_planning | - | - |
| oracle | rapid_planning | - | - |
| oracle | retail_assortment_planning | - | - |
| oracle | retail_assortment_planning | - | - |
| oracle | retail_back_office | - | - |
| oracle | retail_bulk_data_integration | - | - |
| oracle | retail_central_office | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_point-of-service | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | siebel_engineering_-_installer_&_deployment | 2.1.1 | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| netapp | data_availability_services | - | - |
| netapp | snapcenter | - | - |