CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware springsource spring security 3.0.1 |
||
vmware springsource spring security 3.0.2 |
||
vmware springsource spring security 3.0.3 |
||
vmware springsource spring security 3.0.4 |
||
vmware springsource spring security |
||
vmware springsource spring security 2.0.4 |
||
vmware springsource spring security 3.0.0 |
||
vmware springsource spring security 2.0.0 |
||
vmware springsource spring security 2.0.1 |
||
vmware springsource spring security 2.0.2 |
||
vmware springsource spring security 2.0.3 |
||
vmware springsource spring security 2.0.5 |