CVE-2020-5398 (CNNVD-202001-839)
HIGH
Chinese title:
Vmware Spring Framework cross-site scripting vulnerability
English title:
RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
CVSS score:
8.0
Published:
2020-01-16 23:55:15
Vulnerability type:
Cross-site scripting
Status:
PUBLISHED
Data quality score:
0.30
Data version:
v3
Vulnerability description
Chinese description:
Vmware Spring Framework is an open-source Java and JavaEE application framework from the US company VMware. The framework helps developers build high-quality applications. Pivotal Software Spring Framework versions 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16 contain a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to obtain sensitive information by carrying out a reflected file download (RFD) attack.
English description:
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE type:
CWE-79
CWE-494
Tags:
(no data)
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Spring | Spring Framework | - | < v5.0.16.RELEASE | - | cpe:2.3:a:spring:spring_framework:*:*:*:*:*:*:*:* |
| vmware | spring_framework | * | - | - | cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* |
| oracle | application_testing_suite | 13.3.0.1 | - | - | cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | 11.3 | - | - | cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:* |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | 12.0 | - | - | cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:* |
| oracle | communications_cloud_native_core_policy | 1.5.0 | - | - | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:* |
| oracle | communications_diameter_signaling_router | * | - | - | cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* |
| oracle | communications_element_manager | 8.1.1 | - | - | cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* |
| oracle | communications_element_manager | 8.2.0 | - | - | cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* |
| oracle | communications_element_manager | 8.2.1 | - | - | cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* |
| oracle | communications_policy_management | 12.5.0 | - | - | cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:* |
| oracle | communications_session_report_manager | 8.1.1 | - | - | cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* |
| oracle | communications_session_report_manager | 8.2.0 | - | - | cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* |
| oracle | communications_session_report_manager | 8.2.1 | - | - | cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* |
| oracle | communications_session_route_manager | 8.1.1 | - | - | cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* |
| oracle | communications_session_route_manager | 8.2.0 | - | - | cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* |
| oracle | communications_session_route_manager | 8.2.1 | - | - | cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* |
| oracle | enterprise_manager_base_platform | 13.2.1.0 | - | - | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:* |
| oracle | financial_services_regulatory_reporting_with_agilereporter | 8.0.9.2.0 | - | - | cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:* |
| oracle | flexcube_private_banking | 12.0.0 | - | - | cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* |
| oracle | flexcube_private_banking | 12.1.0 | - | - | cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* |
| oracle | healthcare_master_person_index | 4.0.2 | - | - | cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:* |
| oracle | insurance_calculation_engine | * | - | - | cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 10.2.0 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 10.2.4 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 11.0.2 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 11.1.0 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 11.2.0 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* |
| oracle | insurance_policy_administration_j2ee | 11.2.2.0 | - | - | cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.2.0:*:*:*:*:*:*:* |
| oracle | insurance_rules_palette | 10.2.0 | - | - | cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:* |
| oracle | insurance_rules_palette | 10.2.4 | - | - | cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:* |
| oracle | insurance_rules_palette | 11.0.2 | - | - | cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* |
| oracle | insurance_rules_palette | 11.1.0 | - | - | cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:* |
| oracle | insurance_rules_palette | 11.2.0 | - | - | cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:* |
| oracle | mysql | * | - | - | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| oracle | rapid_planning | 12.1 | - | - | cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* |
| oracle | rapid_planning | 12.2 | - | - | cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* |
| oracle | retail_assortment_planning | 15.0 | - | - | cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:* |
| oracle | retail_assortment_planning | 16.0 | - | - | cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:* |
| oracle | retail_back_office | 14.1 | - | - | cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* |
| oracle | retail_bulk_data_integration | 16.0.3.0 | - | - | cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:* |
| oracle | retail_central_office | 14.1 | - | - | cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* |
| oracle | retail_financial_integration | 15.0 | - | - | cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* |
| oracle | retail_financial_integration | 16.0 | - | - | cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* |
| oracle | retail_integration_bus | 15.0.3 | - | - | cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:* |
| oracle | retail_integration_bus | 16.0.3 | - | - | cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:* |
| oracle | retail_order_broker | 15.0 | - | - | cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* |
| oracle | retail_order_broker | 16.0 | - | - | cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* |
| oracle | retail_point-of-service | 14.1 | - | - | cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* |
| oracle | retail_predictive_application_server | 14.0.3 | - | - | cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:* |
| oracle | retail_predictive_application_server | 14.1.3.0 | - | - | cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:* |
| oracle | retail_predictive_application_server | 15.0.3 | - | - | cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* |
| oracle | retail_predictive_application_server | 16.0.3.0 | - | - | cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* |
| oracle | retail_returns_management | 14.1 | - | - | cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* |
| oracle | retail_service_backbone | 15.0 | - | - | cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* |
| oracle | retail_service_backbone | 16.0 | - | - | cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* |
| oracle | siebel_engineering_-_installer_\&_deployment | * | - | - | cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:*:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| netapp | data_availability_services | - | - | - | cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* |
| netapp | snapcenter | - | - | - | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
Solutions
Chinese solution:
(no data)
English solution:
(no data)
Workaround:
(no data)
References
- [camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398 (mailing-list, via cve.org)
- [geode-dev] 20200410 Proposal to bring GEODE-7970 to support/1.12 (mailing-list, via cve.org)
- [geode-dev] 20200410 Re: Proposal to bring GEODE-7970 to support/1.12 (mailing-list, via cve.org)
- [karaf-issues] 20200514 [jira] [Created] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200514 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200514 [GitHub] [karaf] coheigea opened a new pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200514 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200514 [GitHub] [karaf] skitt commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200514 [GitHub] [karaf] coheigea commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200517 [jira] [Assigned] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200517 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200518 [jira] [Commented] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200518 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200518 [GitHub] [karaf] jbonofre removed a comment on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200518 [GitHub] [karaf] jbonofre merged pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200518 [karaf] branch karaf-4.2.x updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-commits] 20200518 [karaf] branch master updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398 (mailing-list, via cve.org)
- [karaf-issues] 20200518 [jira] [Resolved] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 (mailing-list, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_CONFIRM, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- [ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, via cve.org)
- [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, via cve.org)
- [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, via cve.org)
- [ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246) (mailing-list, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- [ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- [rocketmq-dev] 20210317 [GitHub] [rocketmq-externals] vongosling commented on issue #690: Spring Framework CVE-2020-5398 (mailing-list, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
- Untitled (x_refsource_CONFIRM, via cve.org)
- Untitled (x_refsource_MISC, via cve.org)
CVSS score details
3.0 (cna)
HIGH
8.0
CVSS vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Timeline
Published:
2020-01-16 23:55:15
Modified:
2024-09-16 17:43:32
Created:
2025-11-11 15:36:24
Updated:
2025-11-11 15:55:24
Exploit information
No exploit code information available
Data source details
| Data source | Record ID | Version | Extracted |
|---|---|---|---|
| CVE | cve_CVE-2020-5398 | 2025-11-11 15:20:39 | 2025-11-11 07:36:24 |
| NVD | nvd_CVE-2020-5398 | 2025-11-11 14:56:55 | 2025-11-11 07:44:47 |
| CNNVD | cnnvd_CNNVD-202001-839 | 2025-11-11 15:10:21 | 2025-11-11 07:55:24 |
Version and language
Current version:
v3
Primary language:
EN
Supported languages:
EN
ZH
Security advisories
No security advisory information available
Change history
v3 (CNNVD, 2025-11-11 15:55:24)
- vulnerability_type: not extracted -> Cross-site scripting
- cnnvd_id: not extracted -> CNNVD-202001-839
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 (NVD, 2025-11-11 15:44:47)
- affected_products_count: 3 -> 61
- data_sources: ['cve'] -> ['cve', 'nvd']