First published: Thu Sep 17 2020
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against Reflected File Download (RFD) attacks introduced in response to CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
Credit: security@pivotal.io
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.springframework:spring-framework-bom | <4.3.29 | 4.3.29 |
maven/org.springframework:spring-framework-bom | >=5.0.0<=5.0.18 | 5.0.19 |
maven/org.springframework:spring-framework-bom | >=5.1.0<=5.1.17 | 5.1.18 |
maven/org.springframework:spring-framework-bom | >=5.2.0<=5.2.8 | 5.2.9 |
IBM Security Directory Suite VA | <=8.0.1-8.0.1.19 | |
redhat/springframework | <5.2.9 | 5.2.9 |
redhat/springframework | <5.1.18 | 5.1.18 |
redhat/springframework | <5.0.19 | 5.0.19 |
redhat/springframework | <4.3.29 | 4.3.29 |
VMware Spring Framework | <4.3.29 | |
VMware Spring Framework | >=5.0.0<5.0.19 | |
VMware Spring Framework | >=5.1.0<5.1.18 | |
VMware Spring Framework | >=5.2.0<5.2.9 | |
Oracle Commerce Guided Search | =11.3.2 | |
Oracle Communications BRM | =11.3.0.9 | |
Oracle Communications BRM | =12.0.0.3 | |
Oracle Communications Design Studio | =7.3.4 | |
Oracle Communications Design Studio | =7.3.5 | |
Oracle Communications Design Studio | =7.4.0 | |
Oracle Communications Session Report Manager | >=8.2.1<=8.2.2.1 | |
Oracle Communications Unified Inventory Management | =7.3.4 | |
Oracle Communications Unified Inventory Management | =7.3.5 | |
Oracle Endeca Information Discovery Integrator | =3.2.0 | |
Oracle Enterprise Data Quality | =12.2.1.3.0 | |
Oracle Enterprise Data Quality | =12.2.1.4.0 | |
Oracle Financial Services Analytical Applications Infrastructure | >=8.0.6<=8.1.0 | |
Oracle FLEXCUBE Private Banking | =12.0.0 | |
Oracle FLEXCUBE Private Banking | =12.1.0 | |
Oracle Fusion Middleware | =12.2.1.3.0 | |
Oracle Fusion Middleware | =12.2.1.4.0 | |
Oracle GoldenGate Application Adapters | =19.1.0.0.0 | |
Oracle Healthcare Master Person Index | =4.0.2.5 | |
Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
Oracle Insurance Policy Administration | >=11.1.0<=11.3.0 | |
Oracle Insurance Policy Administration | =10.2 | |
Oracle Insurance Policy Administration | =10.2.4 | |
Oracle Insurance Policy Administration | =11.0.2 | |
Oracle Insurance Rules Palette | >=11.1.0<=11.3.0 | |
Oracle Insurance Rules Palette | =10.2.0 | |
Oracle Insurance Rules Palette | =10.2.4 | |
Oracle Insurance Rules Palette | =11.0.2 | |
Oracle MySQL Enterprise Monitor | <=8.0.22 | |
Oracle MySQL Enterprise Monitor | =8.0.23 | |
Oracle Primavera Gateway | >=16.2.0<=16.2.11 | |
Oracle Primavera Gateway | >=17.12.0<=17.12.9 | |
Oracle Primavera Gateway | >=18.8.0<=18.8.10 | |
Oracle Primavera Gateway | >=19.12.0<=19.12.10 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | >=16.1.0<=16.2.20 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | >=17.1.0<=17.12.19 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | >=18.1.0<=18.8.21 | |
Oracle Primavera P6 Enterprise Project Portfolio Management | >=19.12.0<=19.12.10 | |
Oracle Retail Assortment Planning | =16.0.3.0 | |
Oracle Retail Bulk Data Integration | =16.0.3.0 | |
Oracle Retail Customer Engagement | >=16.0<=19.0 | |
Oracle Retail Customer Management and Segmentation Foundation | >=16.0<=19.0 | |
Oracle Retail Financial Integration | =14.1.3 | |
Oracle Retail Financial Integration | =15.0.3 | |
Oracle Retail Financial Integration | =16.0.3 | |
Oracle Retail Integration Bus | =14.1.3 | |
Oracle Retail Integration Bus | =15.0.3 | |
Oracle Retail Integration Bus | =16.0.3 | |
Oracle Retail Invoice Matching | =14.0 | |
Oracle Retail Invoice Matching | =14.1 | |
Oracle Retail Merchandising System | =16.0.3 | |
Oracle Retail Order Broker | =15.0 | |
Oracle Retail Order Broker | =16.0 | |
Oracle Retail Predictive Application Server | =14.1 | |
Oracle Retail Returns Management | =14.1 | |
Oracle Retail Service Backbone | =14.1.3 | |
Oracle Retail Service Backbone | =15.0.3 | |
Oracle Retail Service Backbone | =16.0.3 | |
Oracle Retail Xstore Point of Service | =15.0.4 | |
Oracle Retail Xstore Point of Service | =16.0.6 | |
Oracle Retail Xstore Point of Service | =17.0.4 | |
Oracle Retail Xstore Point of Service | =18.0.3 | |
Oracle Retail Xstore Point of Service | =19.0.2 | |
Oracle StorageTek ACSLS | =8.5.1 | |
Oracle StorageTek Tape Analytics SW Tool | =2.3 | |
Oracle WebLogic Server | =10.3.6.0.0 | |
Oracle WebLogic Server | =12.1.3.0.0 | |
Oracle WebLogic Server | =12.2.1.3.0 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
Oracle WebLogic Server | =14.1.1.0.0 | |
NetApp OnCommand Insight | | |
NetApp Snap Creator Framework | | |
NetApp SnapCenter | | |