Lucene search

K

Ubuntu.comUB:CVE-2011-2732

HistoryDec 05, 2012 - 12:00 a.m.

CVE-2011-2732

2012-12-0500:00:00

ubuntu.com

ubuntu.com

15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

58.8%

CRLF injection vulnerability in the logout functionality in VMware
SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via the spring-security-redirect parameter.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670901>

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

support.springsource.com/security/cve-2011-2732

launchpad.net/bugs/cve/CVE-2011-2732

nvd.nist.gov/vuln/detail/CVE-2011-2732

security-tracker.debian.org/tracker/CVE-2011-2732

www.cve.org/CVERecord?id=CVE-2011-2732

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

58.8%

Related for UB:CVE-2011-2732

packetstorm1 cvelist1 securityvulns2 nvd1 osv1 github1 prion1 exploitdb1 cve1