CRLF Injection Vulnerability in VMware SpringSource Spring Security
CVE-2011-2732

Currently unrated

Key Information:

Vendor: Vmware
Status: Springsource Spring Security
Vendor: CVE Published:; 5 December 2012

Summary

A CRLF injection vulnerability exists in the logout functionality of VMware's SpringSource Spring Security, leading to the potential for remote attackers to inject arbitrary HTTP headers. This flaw allows for HTTP response splitting attacks via manipulation of the 'spring-security-redirect' parameter, compromising the security and integrity of web applications using vulnerable versions of the product.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

x_refsource_MISC

http://support.springsource.com/security/cve-2011-2732

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Jul 11, 2011