Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8", "versionEndIncluding": "2.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE", "versionEndIncluding": "3.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro spring-security-redirect."}], "id": "CVE-2011-2732", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-05T17:55:01.537", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://support.springsource.com/security/cve-2011-2732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.springsource.com/security/cve-2011-2732"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat