CVE-2020-5398

HIGH

Vmware Spring Framework < 5.0.16 - XSS

Title source: rule

Description

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.

Exploits (1)

nomisec WORKING POC 87 stars
by motikan2010 · poc
https://github.com/motikan2010/CVE-2020-5398

References (44)


Scores

CVSS v3 7.5
EPSS 0.9018
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-494 CWE-79
Status published
Products (50)
netapp/data_availability_services
netapp/snapcenter
oracle/application_testing_suite 13.3.0.1
oracle/communications_billing_and_revenue_management_elastic_charging_engine 11.3
oracle/communications_billing_and_revenue_management_elastic_charging_engine 12.0
oracle/communications_cloud_native_core_policy 1.5.0
oracle/communications_diameter_signaling_router 8.0.0 - 8.2.2
oracle/communications_element_manager 8.1.1
oracle/communications_element_manager 8.2.0
oracle/communications_element_manager 8.2.1
... and 40 more
Published Jan 17, 2020
Tracked Since Feb 18, 2026