Description
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, by means of a jsessionid path parameter.
Remediation
References