In Spring Framework, versions 5.2.x before 5.2.3, versions 5.1.x before 5.1.13, and versions 5.0.x before 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
Vulnerable Product |
---|
vmware spring framework |
oracle flexcube private banking 12.1.0 |
oracle insurance policy administration j2ee 10.2.0 |
oracle flexcube private banking 12.0.0 |
oracle insurance rules palette 10.2.0 |
oracle retail service backbone 15.0 |
oracle retail back office 14.1 |
oracle weblogic server 12.2.1.3.0 |
oracle application testing suite 13.3.0.1 |
oracle retail order broker 15.0 |
oracle retail order broker 16.0 |
oracle retail returns management 14.1 |
oracle retail central office 14.1 |
oracle retail assortment planning 15.0 |
oracle retail point-of-service 14.1 |
oracle retail predictive application server 15.0.3 |
oracle retail assortment planning 16.0 |
oracle retail financial integration 15.0 |
oracle retail financial integration 16.0 |
oracle communications policy management 12.5.0 |
oracle weblogic server 12.2.1.4.0 |
oracle mysql |
oracle rapid planning 12.1 |
oracle rapid planning 12.2 |
oracle communications element manager 8.2.0 |
oracle communications element manager 8.2.1 |
oracle communications element manager 8.1.1 |
oracle communications diameter signaling router |
oracle retail predictive application server 14.1.3.0 |
oracle retail bulk data integration 16.0.3.0 |
oracle retail predictive application server 16.0.3.0 |
oracle communications session report manager 8.1.1 |
oracle communications session report manager 8.2.0 |
oracle communications session report manager 8.2.1 |
oracle communications session route manager 8.1.1 |
oracle communications session route manager 8.2.0 |
oracle communications session route manager 8.2.1 |
oracle retail service backbone 16.0 |
oracle retail integration bus 15.0.3 |
oracle retail predictive application server 14.0.3 |
oracle retail integration bus 16.0.3 |
oracle insurance rules palette 10.2.4 |
oracle insurance rules palette 11.0.2 |
oracle insurance rules palette 11.1.0 |
oracle insurance rules palette 11.2.0 |
oracle insurance policy administration j2ee 10.2.4 |
oracle insurance policy administration j2ee 11.0.2 |
oracle insurance policy administration j2ee 11.1.0 |
oracle insurance policy administration j2ee 11.2.0 |
oracle healthcare master person index 4.0.2 |
oracle communications billing and revenue management elastic charging engine 11.3 |
oracle communications billing and revenue management elastic charging engine 12.0 |
oracle financial services regulatory reporting with agilereporter 8.0.9.2.0 |
oracle enterprise manager base platform 13.2.1.0 |
oracle insurance policy administration j2ee 11.2.2.0 |
oracle communications cloud native core policy 1.5.0 |
oracle siebel engineering - installer & deployment |
oracle insurance calculation engine |
netapp snapcenter - |
netapp data availability services - |