CVE-2011-2732

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Published: Dec 5, 2012
Updated: May 9, 2024
CVE: CVE-2011-2732
GHSA: GHSA-5xm9-rf63-wj7h
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
vmware / springsource_spring_security	3.0.0	3.0.0.x
vmware / springsource_spring_security	3.0.2	3.0.2.x
vmware / springsource_spring_security	2.0.3	2.0.3.x
vmware / springsource_spring_security	-	3.0.5.x
vmware / springsource_spring_security	-	2.0.6.x
vmware / springsource_spring_security	2.0.5	2.0.5.x
vmware / springsource_spring_security	2.0.2	2.0.2.x
vmware / springsource_spring_security	2.0.0	2.0.0.x
vmware / springsource_spring_security	3.0.3	3.0.3.x
vmware / springsource_spring_security	2.0.1	2.0.1.x
vmware / springsource_spring_security	3.0.1	3.0.1.x
vmware / springsource_spring_security	2.0.4	2.0.4.x
vmware / springsource_spring_security	3.0.4	3.0.4.x
org.springframework.security / spring-security-core	-	2.0.7
org.springframework.security / spring-security-core	3.0.0	3.0.6

Vulnerability Database

289,697

CVE-2011-2732