com.evasion:API (>=1.0.0.1 <=1.0.0.3), com.evasion:CLIENT (>=1.0.0.1 <=1.0.0.3) +104 more potentially affected by CVE-2011-2732 via org.springframework.security:spring-security-core (>=2.0.0 <=2.0.6.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =2.4.7, =2.4.8 and more Source cves: CVE-2011-2732 Source advisory:...

CVE-2011-2732

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

CVE-2011-2732

Spring Security vulnerability (CVE-2011-2732) involves CRLF injection in logout handling via the spring-security-redirect parameter, allowing header injection and HTTP response splitting. Affected versions: 2.0.0–2.0.6 and 3.0.0–3.0.5. Root cause: shared logout code reads the redirect parameter f...

CVE-2011-2732: Spring Security header injection vulnerability

CVE-2011-2732: Spring Security header injection vulnerability Severity: Important Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security allows the use of a parameter named "spring-security-redirect" by default to determine the location...

Spring Security Header Injection

CVE-2011-2732: Spring Security header injection vulnerability Severity: Important Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security allows the use of a parameter named "spring-security-redirect" by default to determine the location...