中危 Spring MVC 反射型文件下载漏洞

CVE编号

CVE-2020-5398

利用情况

EXP 已公开

补丁情况

官方补丁

披露时间

2020-01-17
该漏洞EXP已公开传播,漏洞利用成本极低,建议您立即关注并修复。
漏洞描述
 在Spring Framework中,5.2.3之前的版本5.2.x,5.1.13之前的版本5.1.x,5.0.16之前的版本5.0.x,当应用程序在响应中设置“Content-Disposition”头时,当文件名属性来自用户提供的输入时,它容易受到反射文件下载(RFD)攻击。
解决建议
厂商已发布了漏洞修复程序,请及时关注更新:
https://spring.io/
参考链接
https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76...
https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbd...
https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940...
https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd...
https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b...
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b3...
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678...
https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e3779...
https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f043004682...
https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2...
https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7...
https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46...
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1...
https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76d...
https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0...
https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e...
https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207...
https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa7569...
https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59ace...
https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5...
https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026b...
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b...
https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822...
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219...
https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a9...
https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9...
https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc4533619...
https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef...
https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b553...
https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d...
https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f...
https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf...
https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f55...
https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c...
https://pivotal.io/security/cve-2020-5398
https://security.netapp.com/advisory/ntap-20210917-0006/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 pivotal_software spring_framework * From
(including)
5.0.0
Up to
(excluding)
5.0.16
运行在以下环境
应用 pivotal_software spring_framework * From
(including)
5.1.1
Up to
(excluding)
5.1.13
运行在以下环境
应用 pivotal_software spring_framework * From
(including)
5.2.0
Up to
(excluding)
5.2.3
运行在以下环境
应用 pivotal_software spring_framework 5.1.0 -
运行在以下环境
系统 debian_10 libspring-java * Up to
(excluding)
4.3.22-4
运行在以下环境
系统 debian_11 libspring-java * Up to
(excluding)
4.3.30-1
运行在以下环境
系统 debian_12 libspring-java * Up to
(excluding)
4.3.30-2
阿里云评分
6.9
  • 攻击路径
    远程
  • 攻击复杂度
    容易
  • 权限要求
    无需权限
  • 影响范围
    越权影响
  • EXP成熟度
    EXP 已公开
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    传输被破坏
  • 服务器危害
    无影响
  • 全网数量
    10000
CWE-ID 漏洞类型
CWE-494 下载代码缺少完整性检查
阿里云安全产品覆盖情况