CVE-2020-5421: RFD Protection Bypass via jsessionid
First published: Thu Sep 17 2020(Updated: )
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Credit: security@pivotal.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.springframework:spring-framework-bom | <4.3.29 | 4.3.29 |
| maven/org.springframework:spring-framework-bom | >=5.0.0<=5.0.18 | 5.0.19 |
| maven/org.springframework:spring-framework-bom | >=5.1.0<=5.1.17 | 5.1.18 |
| maven/org.springframework:spring-framework-bom | >=5.2.0<=5.2.8 | 5.2.9 |
| redhat/springframework | <5.2.9 | 5.2.9 |
| redhat/springframework | <5.1.18 | 5.1.18 |
| redhat/springframework | <5.0.19 | 5.0.19 |
| redhat/springframework | <4.3.29 | 4.3.29 |
| IBM Security Risk Manager on CP4S | <=CP4S 1.7.2.0 | |
| VMware Spring Framework | <4.3.29 | |
| VMware Spring Framework | >=5.0.0<5.0.19 | |
| VMware Spring Framework | >=5.1.0<5.1.18 | |
| VMware Spring Framework | >=5.2.0<5.2.9 | |
| Oracle Commerce | =11.3.2 | |
| Oracle Communications Billing and Revenue Management | =11.3.0.9 | |
| Oracle Communications Billing and Revenue Management | =12.0.0.3 | |
| Oracle Communications Design Studio | =7.3.4 | |
| Oracle Communications Design Studio | =7.3.5 | |
| Oracle Communications Design Studio | =7.4.0 | |
| Oracle Communications Session Report Manager | >=8.2.1<=8.2.2.1 | |
| Oracle Communications Unified Inventory Management | =7.3.4 | |
| Oracle Communications Unified Inventory Management | =7.3.5 | |
| Oracle Endeca Information Discovery Integrator | =3.2.0 | |
| Oracle Enterprise Data Quality | =12.2.1.3.0 | |
| Oracle Enterprise Data Quality | =12.2.1.4.0 | |
| Oracle Financial Services Analytical Applications Infrastructure | >=8.0.6<=8.1.0 | |
| Oracle FLEXCUBE Private Banking | =12.0.0 | |
| Oracle FLEXCUBE Private Banking | =12.1.0 | |
| Oracle Fusion Middleware | =12.2.1.3.0 | |
| Oracle Fusion Middleware | =12.2.1.4.0 | |
| Oracle GoldenGate Application Adapters | =19.1.0.0.0 | |
| Oracle Healthcare Master Person Index | =4.0.2.5 | |
| Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
| Oracle Insurance Policy Administration | >=11.1.0<=11.3.0 | |
| Oracle Insurance Policy Administration | =10.2 | |
| Oracle Insurance Policy Administration | =10.2.4 | |
| Oracle Insurance Policy Administration | =11.0.2 | |
| Oracle Insurance Rules Palette | >=11.1.0<=11.3.0 | |
| Oracle Insurance Rules Palette | =10.2.0 | |
| Oracle Insurance Rules Palette | =10.2.4 | |
| Oracle Insurance Rules Palette | =11.0.2 | |
| MySQL Enterprise Monitor | <=8.0.22 | |
| MySQL Enterprise Monitor | =8.0.23 | |
| Oracle Primavera Gateway | >=16.2.0<=16.2.11 | |
| Oracle Primavera Gateway | >=17.12.0<=17.12.9 | |
| Oracle Primavera Gateway | >=18.8.0<=18.8.10 | |
| Oracle Primavera Gateway | >=19.12.0<=19.12.10 | |
| Oracle Primavera P6 Enterprise Project Portfolio Management | >=16.1.0<=16.2.20 | |
| Oracle Primavera P6 Enterprise Project Portfolio Management | >=17.1.0<=17.12.19 | |
| Oracle Primavera P6 Enterprise Project Portfolio Management | >=18.1.0<=18.8.21 | |
| Oracle Primavera P6 Enterprise Project Portfolio Management | >=19.12.0<=19.12.10 | |
| Oracle Retail Assortment Planning | =16.0.3.0 | |
| Oracle Retail Bulk Data Integration | =16.0.3.0 | |
| Oracle Retail Customer Engagement | >=16.0<=19.0 | |
| Oracle Customer Management and Segmentation Foundation | >=16.0<=19.0 | |
| Oracle Retail Financial Integration | =14.1.3 | |
| Oracle Retail Financial Integration | =15.0.3 | |
| Oracle Retail Financial Integration | =16.0.3 | |
| Oracle Retail Integration Bus | =14.1.3 | |
| Oracle Retail Integration Bus | =15.0.3 | |
| Oracle Retail Integration Bus | =16.0.3 | |
| Oracle Retail Invoice Matching | =14.0 | |
| Oracle Retail Invoice Matching | =14.1 | |
| Oracle Retail Merchandising System | =16.0.3 | |
| Oracle Retail Order Broker | =15.0 | |
| Oracle Retail Order Broker | =16.0 | |
| Oracle Retail Predictive Application Server | =14.1 | |
| Oracle Retail Returns Management | =14.1 | |
| Oracle Retail Service Backbone | =14.1.3 | |
| Oracle Retail Service Backbone | =15.0.3 | |
| Oracle Retail Service Backbone | =16.0.3 | |
| Oracle Retail Xstore Office Cloud Service | =15.0.4 | |
| Oracle Retail Xstore Office Cloud Service | =16.0.6 | |
| Oracle Retail Xstore Office Cloud Service | =17.0.4 | |
| Oracle Retail Xstore Office Cloud Service | =18.0.3 | |
| Oracle Retail Xstore Office Cloud Service | =19.0.2 | |
| Oracle StorageTek ACSLS | =8.5.1 | |
| Oracle Storagetek Tape Analytics | =2.3 | |
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Oracle WebLogic Server | =14.1.1.0.0 | |
| NetApp OnCommand Insight | ||
| NetApp Snap Creator Framework | ||
| NetApp SnapCenter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2020-5421
- https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
- https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
- https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
- https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
- https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
- https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
- https://tanzu.vmware.com/security/cve-2020-5421
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://security.netapp.com/advisory/ntap-20210513-0009/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://github.com/advisories/GHSA-rv39-3qh7-9v7w (Advisory)
- https://www.cve.org/CVERecord?id=CVE-2020-5421 https://nvd.nist.gov/vuln/detail/CVE-2020-5421
- https://bugzilla.redhat.com/show_bug.cgi?id=1881158
- https://access.redhat.com/errata/RHSA-2021:3140
- https://access.redhat.com/security/cve/cve-2020-5421
- https://access.redhat.com/security/cve/CVE-2015-5211
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1881159
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/188530
- https://www.ibm.com/support/pages/node/6505281 (Advisory)
- https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E
- https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E
- https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E
- https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E
- https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E
- https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E
- https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2020-5421?
CVE-2020-5421 is classified as a medium severity vulnerability that allows bypassing protections against certain RFD attacks.
How do I fix CVE-2020-5421?
To fix CVE-2020-5421, upgrade your Spring Framework to version 4.3.29, 5.0.19, 5.1.18, or 5.2.9 or higher.
Which versions of Spring Framework are vulnerable to CVE-2020-5421?
Spring Framework versions 5.2.0 to 5.2.8, 5.1.0 to 5.1.17, 5.0.0 to 5.0.18, and 4.3.0 to 4.3.28 are vulnerable.
What types of attacks are associated with CVE-2020-5421?
CVE-2020-5421 is associated with Remote Frame Denial (RFD) attacks that may be exploited through browser behavior.
Is CVE-2020-5421 affecting any specific software products?
Yes, CVE-2020-5421 affects products based on vulnerable versions of the Spring Framework, including various Oracle and IBM applications.
- collector/github-advisory-latest
- alias/GHSA-rv39-3qh7-9v7w
- alias/CVE-2020-5421
- collector/github-advisory
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/title
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- collector/nvd-index
- package-manager/maven
- package-manager/redhat
- vendor/ibm
- canonical/ibm security risk manager on cp4s
- version/ibm security risk manager on cp4s/cp4s 1.7.2.0
- vendor/vmware
- canonical/vmware spring framework
- version/vmware spring framework/5.0.0
- version/vmware spring framework/5.1.0
- version/vmware spring framework/5.2.0
- vendor/oracle
- canonical/oracle commerce
- version/oracle commerce/11.3.2
- canonical/oracle communications billing and revenue management
- version/oracle communications billing and revenue management/11.3.0.9
- version/oracle communications billing and revenue management/12.0.0.3
- canonical/oracle communications design studio
- version/oracle communications design studio/7.3.4
- version/oracle communications design studio/7.3.5
- version/oracle communications design studio/7.4.0
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.2.1
- version/oracle communications session report manager/8.2.2.1
- canonical/oracle communications unified inventory management
- version/oracle communications unified inventory management/7.3.4
- version/oracle communications unified inventory management/7.3.5
- canonical/oracle endeca information discovery integrator
- version/oracle endeca information discovery integrator/3.2.0
- canonical/oracle enterprise data quality
- version/oracle enterprise data quality/12.2.1.3.0
- version/oracle enterprise data quality/12.2.1.4.0
- canonical/oracle financial services analytical applications infrastructure
- version/oracle financial services analytical applications infrastructure/8.0.6
- version/oracle financial services analytical applications infrastructure/8.1.0
- canonical/oracle flexcube private banking
- version/oracle flexcube private banking/12.0.0
- version/oracle flexcube private banking/12.1.0
- canonical/oracle fusion middleware
- version/oracle fusion middleware/12.2.1.3.0
- version/oracle fusion middleware/12.2.1.4.0
- canonical/oracle goldengate application adapters
- version/oracle goldengate application adapters/19.1.0.0.0
- canonical/oracle healthcare master person index
- version/oracle healthcare master person index/4.0.2.5
- canonical/oracle hyperion infrastructure technology
- version/oracle hyperion infrastructure technology/11.1.2.4
- canonical/oracle insurance policy administration
- version/oracle insurance policy administration/11.1.0
- version/oracle insurance policy administration/11.3.0
- version/oracle insurance policy administration/10.2
- version/oracle insurance policy administration/10.2.4
- version/oracle insurance policy administration/11.0.2
- canonical/oracle insurance rules palette
- version/oracle insurance rules palette/11.1.0
- version/oracle insurance rules palette/11.3.0
- version/oracle insurance rules palette/10.2.0
- version/oracle insurance rules palette/10.2.4
- version/oracle insurance rules palette/11.0.2
- canonical/mysql enterprise monitor
- version/mysql enterprise monitor/8.0.22
- version/mysql enterprise monitor/8.0.23
- canonical/oracle primavera gateway
- version/oracle primavera gateway/16.2.0
- version/oracle primavera gateway/16.2.11
- version/oracle primavera gateway/17.12.0
- version/oracle primavera gateway/17.12.9
- version/oracle primavera gateway/18.8.0
- version/oracle primavera gateway/18.8.10
- version/oracle primavera gateway/19.12.0
- version/oracle primavera gateway/19.12.10
- canonical/oracle primavera p6 enterprise project portfolio management
- version/oracle primavera p6 enterprise project portfolio management/16.1.0
- version/oracle primavera p6 enterprise project portfolio management/16.2.20
- version/oracle primavera p6 enterprise project portfolio management/17.1.0
- version/oracle primavera p6 enterprise project portfolio management/17.12.19
- version/oracle primavera p6 enterprise project portfolio management/18.1.0
- version/oracle primavera p6 enterprise project portfolio management/18.8.21
- version/oracle primavera p6 enterprise project portfolio management/19.12.0
- version/oracle primavera p6 enterprise project portfolio management/19.12.10
- canonical/oracle retail assortment planning
- version/oracle retail assortment planning/16.0.3.0
- canonical/oracle retail bulk data integration
- version/oracle retail bulk data integration/16.0.3.0
- canonical/oracle retail customer engagement
- version/oracle retail customer engagement/16.0
- version/oracle retail customer engagement/19.0
- canonical/oracle customer management and segmentation foundation
- version/oracle customer management and segmentation foundation/16.0
- version/oracle customer management and segmentation foundation/19.0
- canonical/oracle retail financial integration
- version/oracle retail financial integration/14.1.3
- version/oracle retail financial integration/15.0.3
- version/oracle retail financial integration/16.0.3
- canonical/oracle retail integration bus
- version/oracle retail integration bus/14.1.3
- version/oracle retail integration bus/15.0.3
- version/oracle retail integration bus/16.0.3
- canonical/oracle retail invoice matching
- version/oracle retail invoice matching/14.0
- version/oracle retail invoice matching/14.1
- canonical/oracle retail merchandising system
- version/oracle retail merchandising system/16.0.3
- canonical/oracle retail order broker
- version/oracle retail order broker/15.0
- version/oracle retail order broker/16.0
- canonical/oracle retail predictive application server
- version/oracle retail predictive application server/14.1
- canonical/oracle retail returns management
- version/oracle retail returns management/14.1
- canonical/oracle retail service backbone
- version/oracle retail service backbone/14.1.3
- version/oracle retail service backbone/15.0.3
- version/oracle retail service backbone/16.0.3
- canonical/oracle retail xstore office cloud service
- version/oracle retail xstore office cloud service/15.0.4
- version/oracle retail xstore office cloud service/16.0.6
- version/oracle retail xstore office cloud service/17.0.4
- version/oracle retail xstore office cloud service/18.0.3
- version/oracle retail xstore office cloud service/19.0.2
- canonical/oracle storagetek acsls
- version/oracle storagetek acsls/8.5.1
- canonical/oracle storagetek tape analytics
- version/oracle storagetek tape analytics/2.3
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.3.0
- version/oracle weblogic server/12.2.1.4.0
- version/oracle weblogic server/14.1.1.0.0
- vendor/netapp
- canonical/netapp oncommand insight
- canonical/netapp snap creator framework
- canonical/netapp snapcenter