Miggo Logo
Miggo Vulnerability Database
CVE-2011-2732

CVE-2011-2732: Improper Control of Generation of Code in Spring Security

4.3

CVSS Score

Basic Information

CVE ID
CVE-2011-2732
GHSA ID
GHSA-5xm9-rf63-wj7h
EPSS Score
0.904%
CWE
CWE-94
Published
5/17/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.springframework.security:spring-security-coremaven< 2.0.72.0.7
org.springframework.security:spring-security-coremaven>= 3.0.0, < 3.0.63.0.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper handling of the 'spring-security-redirect' parameter during logout processing. Spring Security's LogoutFilter handles redirects by reading this parameter and setting the Location header directly. In vulnerable versions, the parameter value was not properly sanitized for CRLF characters (\r\n), allowing attackers to craft URLs that inject malicious headers or split responses. The LogoutFilter's handle() method is directly responsible for processing this parameter and constructing the redirect response, making it the primary vulnerable function. The CVE description explicitly mentions the logout functionality and parameter manipulation, aligning with this component's responsibility.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*RL* inj**tion vuln*r**ility in t** lo*out *un*tion*lity in VMw*r* Sprin*Sour** Sprin* S**urity ***or* *.*.* *n* *.*.x ***or* *.*.* *llows r*mot* *tt**k*rs to inj**t *r*itr*ry *TTP *****rs *n* *on*u*t *TTP r*spons* splittin* *tt**ks vi* t** sprin*-s*

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* t** 'sprin*-s**urity-r**ir**t' p*r*m*t*r *urin* lo*out pro**ssin*. Sprin* S**urity's `Lo*out*ilt*r` **n*l*s r**ir**ts *y r***in* t*is p*r*m*t*r *n* s*ttin* t** Lo**tion *****r *ir**tly. In vuln*r**l*