CVE-2011-2732

Priority
Medium
Description
CRLF injection vulnerability in the logout functionality in VMware
SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via the spring-security-redirect parameter.
Package
Upstream: released (2.0.7.RELEASE-1)
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE

Updated: 2017-08-11 23:47:52 UTC (commit 13081)