CRLF Injection Vulnerability in VMware SpringSource Spring Security
CVE-2011-2732
Currently unrated
Summary
A CRLF injection vulnerability exists in the logout functionality of VMware's SpringSource Spring Security, leading to the potential for remote attackers to inject arbitrary HTTP headers. This flaw allows for HTTP response splitting attacks via manipulation of the 'spring-security-redirect' parameter, compromising the security and integrity of web applications using vulnerable versions of the product.
References
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved