CVE-2015-5211 RFD Attack in Spring Framework
Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
For details and concrete examples see the very helpful RFD paper from Trustwave.