WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-web

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_2.13

CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2018-19837 Vulnerability in npm package node-sass

CVE-2015-5211 Vulnerability in maven package org.springframework:spring-web

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory