In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, by means of a jsessionid path parameter.
Information
Published : 2020-09-18 21:15
Updated : 2023-03-01 10:56
NVD link : CVE-2020-5421
Mitre link : CVE-2020-5421
Products Affected
oracle
- retail_integration_bus
- communications_session_report_manager
- primavera_p6_enterprise_project_portfolio_management
- retail_order_broker
- retail_financial_integration
- retail_returns_management
- storagetek_tape_analytics_sw_tool
- commerce_guided_search
- communications_unified_inventory_management
- retail_predictive_application_server
- financial_services_analytical_applications_infrastructure
- weblogic_server
- mysql_enterprise_monitor
- retail_invoice_matching
- communications_design_studio
- healthcare_master_person_index
- retail_service_backbone
- flexcube_private_banking
- goldengate_application_adapters
- retail_xstore_point_of_service
- retail_merchandising_system
- enterprise_data_quality
- retail_bulk_data_integration
- fusion_middleware
- storagetek_acsls
- retail_customer_management_and_segmentation_foundation
- insurance_policy_administration
- insurance_rules_palette
- primavera_gateway
- communications_brm
- endeca_information_discovery_integrator
- retail_assortment_planning
- retail_customer_engagement
- hyperion_infrastructure_technology
netapp
- oncommand_insight
- snapcenter
- snap_creator_framework
vmware
- spring_framework