CVE-2011-2732

EPSS 7.2%

Improper Control of Generation of Code in Spring Security

Published: 5/17/2022Modified: 12/7/2024

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Affected packages (1)

Maven/org.springframework.security:spring-security-corefrom 0, < 2.0.7

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-2732
PATCHhttps://github.com/spring-projects/spring-security
WEBhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
WEBhttp://support.springsource.com/security/cve-2011-2732