CVE-2011-2732
Description
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
7.106
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core 2.0.7 | Windows |
| Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core 3.0.6 | Windows |
| Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core for Linux 2.0.7 | Linux |
| Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core for Linux 3.0.6 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234