Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2017-11482 Vulnerability in npm package kibana

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

CVE-2022-42252 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2021-45456 Vulnerability in maven package org.apache.kylin:kylin-server-base

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory