WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-web

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18

CVE-2023-29523 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core_2.11

CVE-2021-3690 Vulnerability in maven package io.undertow:undertow-core

CVE-2023-25765 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory