Vulnerability Description
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
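The description above names the precondition: a "Content-Disposition" header whose filename attribute is built from user-supplied input. The following Spring MVC controller is an added example written for this page (it is not code from the Spring Framework project or from the advisory) and shows that vulnerable pattern beside a hardened handler. The endpoint paths, the `name` parameter, the report payload and the `toSafeFilename` helper are assumptions for illustration; the sanitising approach is a general mitigation and is not a description of the upstream patch. Upgrading to the fixed versions given in the description remains the primary remediation.

```java
// Added example (not from the Spring project or this advisory): a Spring MVC
// controller showing the vulnerable pattern the description names, next to a
// hardened handler. Endpoint paths, parameter names and the report contents
// are assumed for illustration.
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

import org.springframework.http.ContentDisposition;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class ReportExportController {

    // Constructed sample payload standing in for a generated report.
    private static final byte[] REPORT =
            "id,total\n1,42\n".getBytes(StandardCharsets.UTF_8);

    // Vulnerable pattern (the precondition CVE-2020-5398 describes): the filename
    // attribute is copied from user input straight into the Content-Disposition
    // header, so the caller controls the name and extension the browser saves
    // the response under.
    @GetMapping("/export/unsafe")
    public ResponseEntity<byte[]> exportUnsafe(@RequestParam("name") String name) {
        HttpHeaders headers = new HttpHeaders();
        headers.set(HttpHeaders.CONTENT_DISPOSITION,
                "attachment; filename=\"" + name + "\"");
        return ResponseEntity.ok()
                .headers(headers)
                .contentType(MediaType.TEXT_PLAIN)
                .body(REPORT);
    }

    // Hardened handler: the user-supplied value only chooses a display name,
    // which is reduced to a conservative character set, length-limited and given
    // a fixed server-chosen extension; the header is then built by
    // ContentDisposition rather than by string concatenation.
    @GetMapping("/export")
    public ResponseEntity<byte[]> exportSafe(@RequestParam("name") String name) {
        String safeName = toSafeFilename(name, "csv");
        HttpHeaders headers = new HttpHeaders();
        headers.setContentDisposition(
                ContentDisposition.builder("attachment").filename(safeName).build());
        // Stop the browser from second-guessing the declared media type.
        headers.set("X-Content-Type-Options", "nosniff");
        return ResponseEntity.ok()
                .headers(headers)
                .contentType(new MediaType("text", "csv"))
                .body(REPORT);
    }

    // Anything outside this set is removed from the user-chosen base name.
    private static final Pattern UNSAFE_CHARS = Pattern.compile("[^A-Za-z0-9_-]");

    /**
     * Reduces user input to a filename the server is willing to advertise.
     * Characters outside [A-Za-z0-9_-] are dropped (this removes quotes,
     * semicolons, path separators and dots, so no extension can be supplied by
     * the caller), the result is capped at 64 characters, and the server
     * appends its own extension.
     */
    static String toSafeFilename(String userInput, String extension) {
        if (userInput == null) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "name is required");
        }
        String base = UNSAFE_CHARS.matcher(userInput).replaceAll("");
        if (base.isEmpty()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
                    "name contains no usable characters");
        }
        if (base.length() > 64) {
            base = base.substring(0, 64);
        }
        return base + "." + extension;
    }
}
```

The hardened handler treats the request parameter as a hint rather than as the filename itself: the server decides the extension and the media type, and the only caller-influenced part is a restricted base name. Reviewing an application for this issue means searching for every place a `Content-Disposition` header is set and checking whether any part of the filename attribute originates from request data.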
CVSS Score
HIGH (base score 7.5)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring Framework | >= 5.0.0, < 5.0.16 |
| Oracle | Application Testing Suite | 13.3.0.1 |
| Oracle | Communications Billing And Revenue Management Elastic Charging Engine | 11.3 |
| Oracle | Communications Cloud Native Core Policy | 1.5.0 |
| Oracle | Communications Diameter Signaling Router | >= 8.0.0, <= 8.2.2 |
| Oracle | Communications Element Manager | 8.1.1 |
| Oracle | Communications Policy Management | 12.5.0 |
| Oracle | Communications Session Report Manager | 8.1.1 |
| Oracle | Communications Session Route Manager | 8.1.1 |
| Oracle | Enterprise Manager Base Platform | 13.2.1.0 |
| Oracle | Financial Services Regulatory Reporting With Agilereporter | 8.0.9.2.0 |
| Oracle | Flexcube Private Banking | 12.0.0 |
| Oracle | Healthcare Master Person Index | 4.0.2 |
| Oracle | Insurance Calculation Engine | >= 11.0.0, <= 11.3.1 |
| Oracle | Insurance Policy Administration J2EE | 10.2.0 |
| Oracle | Insurance Rules Palette | 10.2.0 |
| Oracle | MySQL | >= 4.0.0, <= 4.0.12 |
| Oracle | Rapid Planning | 12.1 |
| Oracle | Retail Assortment Planning | 15.0 |
| Oracle | Retail Back Office | 14.1 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b44
- https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7
- https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448
- https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e3
- https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61b
- https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b3154
- https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59
- https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c8
- https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f043004682938
- https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3f
- https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766
- https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637
- https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e94
- https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da62
- https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abd
FAQ
What is CVE-2020-5398?
CVE-2020-5398 is a vulnerability with a CVSS score of 7.5 (HIGH). In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
How severe is CVE-2020-5398?
CVE-2020-5398 has been rated HIGH with a CVSS base score of 7.5/10 (see the CVSS Score section above).
Is there a patch for CVE-2020-5398?
Check the references section above for vendor advisories and patch information; for Spring Framework itself, the description above names the fixed releases (5.2.3, 5.1.13 and 5.0.16). Affected products include: VMware Spring Framework, Oracle Application Testing Suite, Oracle Communications Billing And Revenue Management Elastic Charging Engine, Oracle Communications Cloud Native Core Policy, Oracle Communications Diameter Signaling Router.