Vulnerability Name: | CVE-2011-2732 (CCN-69690)
Assigned: | 2011-09-09
Published: | 2011-09-09
Updated: | 2012-12-06
Summary: | CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: | CWE-94
Vulnerability Consequences: | Gain Access
References: |
Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
Source: MITRE Type: CNA CVE-2011-2732
Source: CCN Type: SA45958 Spring Security Multiple Vulnerabilities
Source: CONFIRM Type: Vendor Advisory http://support.springsource.com/security/cve-2011-2732
Source: CCN Type: OSVDB ID: 75266 Spring Security Redirection Parameter HTTP Response Splitting
Source: CCN Type: BID-49535 Spring Security HTTP Header Injection Vulnerability
Source: CCN Type: SpringSource Security Advisory Spring Security header injection vulnerability
Source: XF Type: UNKNOWN spring-security-redirection-header-injection(69690)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable