In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
History
07 Nov 2023, 03:23
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-09-19 04:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-5421
Mitre link : CVE-2020-5421
CVE.ORG link : CVE-2020-5421
Products Affected
oracle
- communications_session_report_manager
- storagetek_tape_analytics_sw_tool
- financial_services_analytical_applications_infrastructure
- goldengate_application_adapters
- flexcube_private_banking
- retail_assortment_planning
- primavera_p6_enterprise_project_portfolio_management
- retail_order_broker
- retail_financial_integration
- retail_returns_management
- storagetek_acsls
- retail_xstore_point_of_service
- retail_merchandising_system
- hyperion_infrastructure_technology
- endeca_information_discovery_integrator
- communications_unified_inventory_management
- commerce_guided_search
- communications_design_studio
- communications_brm
- retail_predictive_application_server
- retail_bulk_data_integration
- retail_integration_bus
- mysql_enterprise_monitor
- fusion_middleware
- retail_service_backbone
- healthcare_master_person_index
- insurance_policy_administration
- insurance_rules_palette
- primavera_gateway
- retail_customer_management_and_segmentation_foundation
- retail_invoice_matching
- enterprise_data_quality
- retail_customer_engagement
- weblogic_server
vmware
- spring_framework
netapp
- snap_creator_framework
- snapcenter
- oncommand_insight
CWE