In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: pivotal
Published: 2020-09-17T00:00:00
Updated: 2022-04-19T23:23:08
Reserved: 2020-01-03T00:00:00
Link: CVE-2020-5421
JSON object: View
NVD Information
Status : Modified
Published: 2020-09-19T04:15:11.527
Modified: 2023-11-07T03:23:46.983
Link: CVE-2020-5421
JSON object: View
Redhat Information
No data.
CWE