CVE-2015-5211

critical

VMware

CVSS v3 Base Score

9.6

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

1.9%

Exploitation probability in 30 days

Top 17% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: May 25, 2017 (3276 days ago)

Last Modified: May 13, 2026

Vendor: VMware

Source: NVD

Description

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

CWE

CWE-552

Affected Products

vmware spring frameworkdebian debian linux

References

🔗 lists.debian.org 🔗 pivotal.io 🔗 www.trustwave.com 🔗 lists.debian.org 🔗 pivotal.io

CVE-2015-5211

Vulnerability Report

Description

CWE

Affected Products

References