CVE-2011-2732

Priority
Medium
Description
CRLF injection vulnerability in the logout functionality in VMware
SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via the spring-security-redirect parameter.
References
Bugs
Package
Upstream: released (2.0.7.RELEASE-1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
Ubuntu 14.10 (Utopic Unicorn): not-affected
More Information

Updated: 2014-10-23 21:15:18 UTC (commit 8644)