CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814 | |
http://support.springsource.com/security/cve-2011-2732 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-12-05T17:00:00Z
Updated: 2012-12-05T17:00:00Z
Reserved: 2011-07-11T00:00:00Z
Link: CVE-2011-2732
JSON object: View
NVD Information
Status : Analyzed
Published: 2012-12-05T17:55:01.537
Modified: 2012-12-06T05:00:00.000
Link: CVE-2011-2732
JSON object: View
Redhat Information
No data.
CWE