CVE-2011-2732

Currently unrated

Key Information:

Vendor: Vmware
Status: Springsource Spring Security
Vendor: CVE Published:; 5 December 2012

Summary

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

x_refsource_MISC

http://support.springsource.com/security/cve-2011-2732

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Jul 11, 2011