Lucene search
GitHub Advisory DatabaseGHSA-5XM9-RF63-WJ7HHistoryMay 17, 2022 - 5:18 a.m.
Improper Control of Generation of Code in Spring Security
2022-05-1705:18:15
CWE-94
GitHub Advisory Database
github.com
11
spring security
code generation
logout
http response splitting
vulnerability
vmware springsource
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
58.8%
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
Affected configurations
Node
org.springframework.security\Matchspring-security-core
ORorg.springframework.security\Matchspring-security-core
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | org.springframework.security\ | spring-security-core | cpe:2.3:a:*:org.springframework.security\:spring-security-core:*:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Spring Security Header Injection
2011-09-09 00:00:00
cvelist
cvelist
CVE-2011-2732
2012-12-05 17:00:00
securityvulns
securityvulns
CVE-2011-2732: Spring Security header injection vulnerability
2011-09-13 00:00:00
nvd
nvd
CVE-2011-2732
2012-12-05 17:55:01
osv
osv
Improper Control of Generation of Code in Spring Security
2022-05-17 05:18:15
ubuntucve
ubuntucve
CVE-2011-2732
2012-12-05 00:00:00
prion
prion
Crlf injection
2012-12-05 17:55:00
exploitdb
exploitdb
Spring Security - HTTP Header Injection
2011-09-09 00:00:00
cve
cve
CVE-2011-2732
2012-12-05 17:55:01
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
58.8%
Related for GHSA-5XM9-RF63-WJ7H