WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-core

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2013-1571 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap

CVE-2020-27217 Vulnerability in maven package org.eclipse.hono:hono-bom

CVE-2016-10364 Vulnerability in npm package kibana

CVE-2023-24428 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory