Description
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WL Katalogsok PHP Object Injection (3.5.4)
WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)
MediaWiki Improper Access Control Vulnerability (CVE-2015-8627)
Apache Tomcat version older than 6.0.10
WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)