The host is installed with SpringSource Spring Framework 5.0.x before 5.0.16, 5.1.x before 5.1.13, or 5.2.x before 5.2.3 and is prone to a reflected file download vulnerability. A flaw is present in the application, which fails to handle when it sets a "Content-Disposition" header in the response. Successful exploitation allows attackers to allow download of code without integrity check.