CVE-2011-2732

SpringSource Spring Security < 2.0.7 - CRLF Injection via Logout Redirect Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2732. PoCs published by David Mas.

AI-analyzed exploit summary: This is a writeup describing a vulnerability in Spring Security that allows arbitrary HTTP header injection due to insufficient input sanitization. The example URL demonstrates how an attacker can inject headers via a crafted redirect parameter.

Description

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Exploits (1)

Exploit-DB · Writeup · Verified
by David Mas · text · remote · multiple
https://www.exploit-db.com/exploits/36130

Classification: Writeup (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Spring Security 2.0.0-2.0.6, 3.0.0-3.0.5
Authentication: none needed
Prerequisites: Access to a vulnerable Spring Security application
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References
Vendor Advisory (x_refsource_confirm): http://support.springsource.com/security/cve-2011-2732

Scores

EPSS: 0.0716
EPSS Percentile: 91.8%

Details

CWE: CWE-94
Status: published
Products (13)
org.springframework.security/spring-security-core 0 - 2.0.7 (Maven)
vmware/springsource_spring_security 2.0.0
vmware/springsource_spring_security 2.0.1
vmware/springsource_spring_security 2.0.2
vmware/springsource_spring_security 2.0.3
vmware/springsource_spring_security 2.0.4
vmware/springsource_spring_security 2.0.5
vmware/springsource_spring_security 3.0.0
vmware/springsource_spring_security 3.0.1
vmware/springsource_spring_security 3.0.2
... and 3 more
Published: Dec 05, 2012
Tracked Since: Feb 18, 2026