Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2732

Related Vulnerabilities

CVE-2019-10449 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

CVE-2020-10204 Vulnerability in maven package org.sonatype.nexus:nexus-core

CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat

CVE-2015-1833 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav

CVE-2023-45811 Vulnerability in npm package deobfuscator

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory