CRLF Injection Vulnerability in VMware SpringSource Spring Security
CVE-2011-2732

Currently unrated

Key Information:

Vendor

Vmware
Status
Springsource Spring Security
Vendor
CVE Published:
5 December 2012

What is CVE-2011-2732?

A CRLF injection vulnerability exists in the logout functionality of VMware's SpringSource Spring Security, leading to the potential for remote attackers to inject arbitrary HTTP headers. This flaw allows for HTTP response splitting attacks via manipulation of the 'spring-security-redirect' parameter, compromising the security and integrity of web applications using vulnerable versions of the product.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
x_refsource_MISC
http://support.springsource.com/security/cve-2011-2732
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.