WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-core

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework-bundle

CVE-2007-1358 Vulnerability in maven package tomcat:tomcat-http11

CVE-2012-2379 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-all

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc-client

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory