The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or 5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability. An attacker can exploit this tricking user to click on a URL for trusted domain. Upon clicking on the malicious link, the victim will be presented with a download which appears to have originated from a trusted domain. Once downloaded, the malicious payload can execute arbitrary code and potentially completely take-over a system.

Detections

Analytics

Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)

high Nessus Plugin ID 133148