CRLF Injection Vulnerability in VMware SpringSource Spring Security
CVE-2011-2732

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
5 December 2012

Summary

A CRLF injection vulnerability exists in the logout functionality of VMware's SpringSource Spring Security, leading to the potential for remote attackers to inject arbitrary HTTP headers. This flaw allows for HTTP response splitting attacks via manipulation of the 'spring-security-redirect' parameter, compromising the security and integrity of web applications using vulnerable versions of the product.

References

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.