cvelistv5 - cve-2011-2732

CVE-2011-2732 (GCVE-0-2011-2732)

Vulnerability from cvelistv5 – Published: 2012-12-05 17:00 – Updated: 2024-08-06 23:08

Summary

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814	x_refsource_MISC
	http://support.springsource.com/security/cve-2011-2732	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.springsource.com/security/cve-2011-2732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-12-05T17:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.springsource.com/security/cve-2011-2732"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2732",
    "datePublished": "2012-12-05T17:00:00Z",
    "dateReserved": "2011-07-11T00:00:00Z",
    "dateUpdated": "2024-08-06T23:08:23.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.6\", \"matchCriteriaId\": \"D0758437-7387-404F-9AC8-DFE044F713D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.5\", \"matchCriteriaId\": \"D24B6283-AC10-411C-BC40-FF9CDD4984EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49404CD7-2E0D-479C-AAC4-0B84AEFB724E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D78BB50-F222-46BC-AEAA-8B1DADE2E38C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49CC9A95-6EA8-4F95-BBD1-D306D831636D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F694360-D48E-4ECB-9B32-8A83803E0A68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EE84C44-3D48-4F5B-B168-80F583E84C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C672302-C952-4EC0-A833-34382F7CC47A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D802BACB-E48F-4430-9C93-5029B596DDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FED53F75-200C-40F4-A282-E0DBDBDB4DE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DD07175-064C-46D2-B76A-17A642FB7D75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E96BD784-6C39-4FC2-AF5D-C21465D17925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A9A32B-E092-4016-8D63-4CAA52FA8421\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\\u00f3n y llevar a cabo ataques de divisi\\u00f3n de respuesta HTTP a trav\\u00e9s del par\\u00e1metro spring-security-redirect.\"}]",
      "id": "CVE-2011-2732",
      "lastModified": "2024-11-21T01:28:51.330",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-12-05T17:55:01.537",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.springsource.com/security/cve-2011-2732\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.springsource.com/security/cve-2011-2732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2732\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-12-05T17:55:01.537\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro spring-security-redirect.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.6\",\"matchCriteriaId\":\"D0758437-7387-404F-9AC8-DFE044F713D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.5\",\"matchCriteriaId\":\"D24B6283-AC10-411C-BC40-FF9CDD4984EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49404CD7-2E0D-479C-AAC4-0B84AEFB724E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D78BB50-F222-46BC-AEAA-8B1DADE2E38C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49CC9A95-6EA8-4F95-BBD1-D306D831636D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F694360-D48E-4ECB-9B32-8A83803E0A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE84C44-3D48-4F5B-B168-80F583E84C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C672302-C952-4EC0-A833-34382F7CC47A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D802BACB-E48F-4430-9C93-5029B596DDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED53F75-200C-40F4-A282-E0DBDBDB4DE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD07175-064C-46D2-B76A-17A642FB7D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96BD784-6C39-4FC2-AF5D-C21465D17925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A9A32B-E092-4016-8D63-4CAA52FA8421\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.springsource.com/security/cve-2011-2732\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.springsource.com/security/cve-2011-2732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2011-2732

Vulnerability from fkie_nvd - Published: 2012-12-05 17:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
secalert@redhat.com	http://support.springsource.com/security/cve-2011-2732	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
af854a3a-2127-422b-91ae-364da2661108	http://support.springsource.com/security/cve-2011-2732	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	springsource_spring_security	*
vmware	springsource_spring_security	*
vmware	springsource_spring_security	2.0.0
vmware	springsource_spring_security	2.0.1
vmware	springsource_spring_security	2.0.2
vmware	springsource_spring_security	2.0.3
vmware	springsource_spring_security	2.0.4
vmware	springsource_spring_security	2.0.5
vmware	springsource_spring_security	3.0.0
vmware	springsource_spring_security	3.0.1
vmware	springsource_spring_security	3.0.2
vmware	springsource_spring_security	3.0.3
vmware	springsource_spring_security	3.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8",
              "versionEndIncluding": "2.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE",
              "versionEndIncluding": "3.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro spring-security-redirect."
    }
  ],
  "id": "CVE-2011-2732",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-05T17:55:01.537",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.springsource.com/security/cve-2011-2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.springsource.com/security/cve-2011-2732"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

GSD-2011-2732

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2732

Aliases

CVE-2011-2732

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2732",
    "description": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.",
    "id": "GSD-2011-2732",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-2732"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2732"
      ],
      "details": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.",
      "id": "GSD-2011-2732",
      "modified": "2023-12-13T01:19:06.256454Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2732",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
          },
          {
            "name": "http://support.springsource.com/security/cve-2011-2732",
            "refsource": "MISC",
            "url": "http://support.springsource.com/security/cve-2011-2732"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.0.7),[3.0.0,3.0.6)",
          "affected_versions": "All versions before 2.0.7, all versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-07-13",
          "description": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.",
          "fixed_versions": [
            "2.0.7",
            "3.0.6"
          ],
          "identifier": "CVE-2011-2732",
          "identifiers": [
            "GHSA-5xm9-rf63-wj7h",
            "CVE-2011-2732"
          ],
          "not_impacted": "All versions starting from 2.0.7 before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework.security/spring-security-core",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to versions 2.0.7, 3.0.6 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2732",
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
            "http://support.springsource.com/security/cve-2011-2732",
            "https://github.com/advisories/GHSA-5xm9-rf63-wj7h"
          ],
          "uuid": "77554317-3e61-4e8c-b92f-0e99ad6ae412"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2732"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
              "refsource": "MISC",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
            },
            {
              "name": "http://support.springsource.com/security/cve-2011-2732",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.springsource.com/security/cve-2011-2732"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-12-06T05:00Z",
      "publishedDate": "2012-12-05T17:55Z"
    }
  }
}

GHSA-5XM9-RF63-WJ7H

Vulnerability from github – Published: 2022-05-17 05:18 – Updated: 2022-07-13 17:56

Summary

Improper Control of Generation of Code in Spring Security

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-2732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:56:38Z",
    "nvd_published_at": "2012-12-05T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.",
  "id": "GHSA-5xm9-rf63-wj7h",
  "modified": "2022-07-13T17:56:38Z",
  "published": "2022-05-17T05:18:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2732"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-security"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "type": "WEB",
      "url": "http://support.springsource.com/security/cve-2011-2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Control of Generation of Code in Spring Security"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2732 (GCVE-0-2011-2732)

FKIE_CVE-2011-2732

CERTA-2011-AVI-504

Description

Solution

CERTA-2011-AVI-504

Description

Solution

GSD-2011-2732

GHSA-5XM9-RF63-WJ7H

Tags

Sightings

Nomenclature