Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-2732
Last Modified 06 Dec 2012 12:00:00
Published 05 Dec 2012 12:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2732

Summary

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Vulnerable Systems

Application

  • VMware SpringSource Spring Security 2.0.0
  • VMware SpringSource Spring Security 2.0.1
  • VMware SpringSource Spring Security 2.0.2
  • VMware SpringSource Spring Security 2.0.3
  • VMware SpringSource Spring Security 2.0.4
  • VMware SpringSource Spring Security 2.0.5
  • VMware SpringSource Spring Security 2.0.6
  • VMware SpringSource Spring Security 3.0.0
  • VMware SpringSource Spring Security 3.0.1
  • VMware SpringSource Spring Security 3.0.2
  • VMware SpringSource Spring Security 3.0.3
  • VMware SpringSource Spring Security 3.0.4
  • VMware SpringSource Spring Security 3.0.5


References

CONFIRM - http://support.springsource.com/security/cve-2011-2732

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814


Last Updated: 27 May 2016 11:01:27