Improper Control of Generation of Code in Spring Security

GHSA-5xm9-rf63-wj7h · CVE-2011-2732

Published May 17, 2022 · Modified Dec 7, 2024

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2011-2732
PACKAGE https://github.com/spring-projects/spring-security
WEB http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
WEB http://support.springsource.com/security/cve-2011-2732

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes