CVE-2020-5398 Details

CVE-2020-5398

Published: 2020-01-17
Last Modified: 2021-10-20
CVE Author: NIST National Vulnerability Database
CVE Assigner: security@pivotal.io
Summary

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Analysis
Common Vulnerability Scoring System v2.0
Severity: High
Base Score: 7.6/10
Exploitability Score: 4.9/10
Access Vector: Network
Access Complexity: High
Authentication: None
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete
Vector String: AV:N/AC:H/Au:N/C:C/I:C/A:C

Common Vulnerability Scoring System v3.1
Severity: High
Base Score: 7.5/10
Exploitability Score: 1.6/10
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
Impact Score: 5.9/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: Required
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Products Reported
CPE  Vulnerable  Version Start (including)  Version End (excluding)
(A "-" in both range columns means the entry matches only the single version named in the CPE string.)
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* Yes 5.0.0 5.0.16
cpe:2.3:a:pivotal_software:spring_framework:5.1.0:-:*:*:*:*: Yes - -
cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc1:*:*:*: Yes - -
cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc2:*:*:*: Yes - -
cpe:2.3:a:pivotal_software:spring_framework:5.1.0:rc3:*:*:*: Yes - -
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* Yes 5.1.1 5.1.13
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* Yes 5.2.0 5.2.3
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*: Yes - -
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme Yes - -
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme Yes - -
cpe:2.3:a:oracle:communications_diameter_signaling_router:*: Yes 8.0.0 -
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*: Yes - -
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*: Yes - -
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*: Yes - -
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1 Yes - -
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0 Yes - -
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1 Yes - -
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1: Yes - -
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0: Yes - -
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1: Yes - -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:* Yes - -
cpe:2.3:a:oracle:financial_services_regulatory_reporting_wit Yes - -
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*: Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0 Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4 Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2 Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0 Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0 Yes - -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.2 Yes - -
cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*: Yes - -
cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*: Yes - -
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*: Yes - -
cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*: Yes - -
cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*: Yes - -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* Yes 4.0.0 -
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* Yes 8.0.0 -
cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:* Yes - -
cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3 Yes - -
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3 Yes - -
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3 Yes - -
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3 Yes - -
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* Yes - -
References

https://pivotal.io/security/cve-2020-5398
https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0
https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e0
https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75a
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca
https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e2339
https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f
https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b7785
https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57e
https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7d
https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314
https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a7845
https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd467492
https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468
https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842
https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3
https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660cc
https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41
https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6b
https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb
https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f4
https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1
https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97
https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf03
https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4
https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72f
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35e
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e
https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e75
https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143
https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a2
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.netapp.com/advisory/ntap-20210917-0006/
https://www.oracle.com/security-alerts/cpuoct2021.html

CVE ID: CVE-2020-5398
Published: 2020-01-17
Modified: 2021-10-20
CVSSv2.0: High
CVSSv3.1: High
PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-494

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.


Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requirements of the platform to ensure good performance.

No, you can add as many assets as you want. It doesn't matter if you have millions of assets; we won't charge you for that.

No. The software is completely free. We have no intention of charging you to use the software; in fact, that would go completely against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services to customers who need a subscription for guaranteed support and enterprise services. Using Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.
