CVE-2011-2732

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
http://support.springsource.com/security/cve-2011-2732	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:springsource_spring_security::::::::
	cpe:2.3:a:vmware:springsource_spring_security::::::::
	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*
	cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*

History

No history.

Information

Published : 2012-12-05 17:55

Updated : 2012-12-06 05:00

NVD link : CVE-2011-2732

Mitre link : CVE-2011-2732

CVE.ORG link : CVE-2011-2732

JSON object : View

Products Affected

vmware

springsource_spring_security

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2011-2732", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-05T17:55:01.537", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814", "source": "secalert@redhat.com"}, {"url": "http://support.springsource.com/security/cve-2011-2732", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro spring-security-redirect."}], "lastModified": "2012-12-06T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8", "versionEndIncluding": "2.0.6"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE", "versionEndIncluding": "3.0.5"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925"}, {"criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}