Updated springframework packages fix security vulnerability

2015-11-0421:03:05

Gentoo Foundation

advisories.mageia.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.5%

JSON

Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response (CVE-2015-5211).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchjson-smart< 1.3-0.20140820.1json-smart-1.3-0.20140820.1.mga5
Mageia5noarchjson-path< 0.9.1-1json-path-0.9.1-1.mga5
Mageia5noarchspringframework< 3.2.15-1springframework-3.2.15-1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	json-smart	< 1.3-0.20140820.1	json-smart-1.3-0.20140820.1.mga5
Mageia	5	noarch	json-path	< 0.9.1-1	json-path-0.9.1-1.mga5
Mageia	5	noarch	springframework	< 3.2.15-1	springframework-3.2.15-1.mga5