Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-5398

Description

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

POC

Reference

- https://www.oracle.com//security-alerts/cpujul2021.html

- https://www.oracle.com/security-alerts/cpuApr2021.html

- https://www.oracle.com/security-alerts/cpuapr2020.html

- https://www.oracle.com/security-alerts/cpujan2021.html

- https://www.oracle.com/security-alerts/cpujul2020.html

- https://www.oracle.com/security-alerts/cpujul2022.html

- https://www.oracle.com/security-alerts/cpuoct2020.html

- https://www.oracle.com/security-alerts/cpuoct2021.html

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Agilevatester/SpringSecurity

- https://github.com/Agilevatester/SpringSecurityV1

- https://github.com/CnHack3r/Penetration_PoC

- https://github.com/EchoGin404/-

- https://github.com/EchoGin404/gongkaishouji

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/IkerSaint/VULNAPP-vulnerable-app

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NetW0rK1le3r/awesome-hacking-lists

- https://github.com/Tyro-Shan/gongkaishouji

- https://github.com/YIXINSHUWU/Penetration_Testing_POC

- https://github.com/ZTK-009/Penetration_PoC

- https://github.com/ax1sX/SpringSecurity

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/hasee2018/Penetration_Testing_POC

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/huike007/penetration_poc

- https://github.com/huike007/poc

- https://github.com/huisetiankong478/penetration_poc

- https://github.com/huisetiankong478/poc

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lnick2023/nicenice

- https://github.com/motikan2010/CVE-2020-5398

- https://github.com/n0-traces/cve_monitor

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/password520/Penetration_PoC

- https://github.com/pctF/vulnerable-app

- https://github.com/pentration/gongkaishouji

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/readloud/Awesome-Stars

- https://github.com/soosmile/POC

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/trganda/starrlist

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/yedada-wei/-

- https://github.com/yedada-wei/gongkaishouji