Lucene search

RedhatCVE-2011-2732

HistoryDec 05, 2012 - 5:55 p.m.

CVE-2011-2732

2012-12-0517:55:01

CWE-94

redhat

web.nvd.nist.gov

cve-2011-2732

crlf injection

vmware

springsource

spring security

http header injection

response splitting

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

58.8%

JSON

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Affected configurations

Nvd

Node

vmwarespringsource_spring_securityRange≤2.0.6

vmwarespringsource_spring_securityRange≤3.0.5

vmwarespringsource_spring_securityMatch2.0.0

vmwarespringsource_spring_securityMatch2.0.1

vmwarespringsource_spring_securityMatch2.0.2

vmwarespringsource_spring_securityMatch2.0.3

vmwarespringsource_spring_securityMatch2.0.4

vmwarespringsource_spring_securityMatch2.0.5

vmwarespringsource_spring_securityMatch3.0.0

vmwarespringsource_spring_securityMatch3.0.1

vmwarespringsource_spring_securityMatch3.0.2

vmwarespringsource_spring_securityMatch3.0.3

vmwarespringsource_spring_securityMatch3.0.4

VendorProductVersionCPE
vmwarespringsource_spring_security*cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.0cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.1cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.2cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.3cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.4cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.5cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.0cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.1cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.2cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	springsource_spring_security	*	cpe:2.3:a:vmware:springsource_spring_security::::::::
vmware	springsource_spring_security	2.0.0	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
vmware	springsource_spring_security	2.0.1	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
vmware	springsource_spring_security	2.0.2	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
vmware	springsource_spring_security	2.0.3	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
vmware	springsource_spring_security	2.0.4	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
vmware	springsource_spring_security	2.0.5	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
vmware	springsource_spring_security	3.0.0	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
vmware	springsource_spring_security	3.0.1	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
vmware	springsource_spring_security	3.0.2	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*