Protect against RFD exploits [SPR-13548] #18124

spring-projects-issues · 2015-10-07T21:42:16Z

Rossen Stoyanchev opened SPR-13548 and commented

For details and concrete examples of RFD attacks see the RFD paper from Trustwave.

For information specific to Spring MVC see the CVE-2015-5211 security report.

Affects: 3.2.14, 4.1.7, 4.2.1

Issue Links:

Content Disposition header being added on some urls...did not behave this way in 4.2.1 [SPR-13647] #18224 Content Disposition header being added on some urls...did not behave this way in 4.2.1
Content-Disposition added for @ResponseBody methods explicitly mapped to ".html" or other extensions [SPR-13629] #18207 Content-Disposition added for @ResponseBody methods explicitly mapped to ".html" or other extensions
Content-Disposition header causes download in browser for Spring Boot Actuator endpoints [SPR-13587] #18164 Content-Disposition header causes download in browser for Spring Boot Actuator endpoints
Skip Content-Disposition header when status != 2xx [SPR-13588] #18165 Skip Content-Disposition header when status != 2xx
Content-Disposition with fixed file name "f.txt" causes confusion [SPR-13643] #18220 Content-Disposition with fixed file name "f.txt" causes confusion

Backported to: 4.1.8, 3.2.15

The text was updated successfully, but these errors were encountered:

spring-projects-issues closed this as completed Nov 6, 2015

spring-projects-issues added status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement in: web Issues in web modules (web, webmvc, webflux, websocket) labels Jan 11, 2019

spring-projects-issues added this to the 4.2.2 milestone Jan 11, 2019

spring-projects-issues assigned rstoyanchev Jan 11, 2019

cx-ronen-riesenfeld mentioned this issue Mar 4, 2022

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.4.RELEASE cx-ronen-riesenfeld/AST_BookStore#74

Open

cx-ronen-riesenfeld mentioned this issue Sep 20, 2022

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.4.RELEASE cx-ronen-riesenfeld/BookStore_VSCode#107

Closed

cx-ronen-riesenfeld mentioned this issue Nov 28, 2022

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/BookStore#129

Open

cx-ronen-riesenfeld mentioned this issue Jan 26, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/BookStore#351

Open

cx-ronen-riesenfeld mentioned this issue Nov 22, 2022

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/AST_BookStore#356

Open

This was referenced Feb 21, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/BookStore#587

Open

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/AST_BookStore#570

Open

cx-ronen-riesenfeld mentioned this issue Feb 15, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/BookStore_VSCode#354

Closed

cx-ronen-riesenfeld mentioned this issue Apr 13, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.8.RELEASE cx-ronen-riesenfeld/BookStore_VSCode#581

Closed

cx-ronen-riesenfeld mentioned this issue May 25, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.4.RELEASE cx-ronen-riesenfeld/BookStore_VSCode#669

Open

cx-ronen-riesenfeld mentioned this issue May 25, 2023

CVE-2015-5211 @ Maven-org.springframework:spring-web-3.2.4.RELEASE cx-ronen-riesenfeld/BookStore_VSCode#956

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Protect against RFD exploits [SPR-13548] #18124

Protect against RFD exploits [SPR-13548] #18124

spring-projects-issues commented Oct 7, 2015 •

edited

Loading

Protect against RFD exploits [SPR-13548] #18124

Protect against RFD exploits [SPR-13548] #18124

Comments

spring-projects-issues commented Oct 7, 2015 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

spring-projects-issues commented Oct 7, 2015 •

edited

Loading