VDB
DEBIAN-CVE-2015-5211
DEBIAN-CVE-2015-5211
PUBLISHED
CVSS 9.600000381469727 CRITICAL
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Risk Scores
CVSS v3.1
9.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | libspring-java | 0, 0, 0 |
| Debian:14 | libspring-java | 0, 0, 0 |
| Debian:13 | libspring-java | 0, 0, 0 |
| Debian:11 | libspring-java | 0, 0, 0 |
Timeline
- May 25, 2017 CVE Published
- Apr 28, 2026 CVE Updated