CVE-2011-2732

Priority
Medium
Description
CRLF injection vulnerability in the logout functionality in VMware
SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via the spring-security-redirect parameter.
References
Bugs
Package
Upstream: released (2.0.7.RELEASE-1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): not-affected (2.0.7.RELEASE-1)
Ubuntu 13.04 (Raring Ringtail): not-affected
Ubuntu 13.10 (Saucy Salamander): not-affected
More Information

Updated: 2013-10-18 21:16:02 UTC (commit 7370)