WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-core

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2020-13920 Vulnerability in maven package org.apache.activemq:activemq-core

CVE-2022-26850 Vulnerability in maven package org.apache.nifi:nifi-single-user-utils

CVE-2020-35509 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components

CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory