Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2022-40145 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules

CVE-2014-0073 Vulnerability in npm package cordova-plugin-inappbrowser

CVE-2020-2257 Vulnerability in maven package org.jenkins-ci.plugins:validating-string-parameter

CVE-2015-2944 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post

CVE-2019-1003087 Vulnerability in maven package org.jenkins-ci.plugins:labmanager

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory