CVE-2011-2732

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-05 17:55

Updated : 2024-02-04 18:16


NVD link : CVE-2011-2732

Mitre link : CVE-2011-2732

CVE.ORG link : CVE-2011-2732


JSON object : View

Products Affected

vmware

  • springsource_spring_security
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')