Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ev1k-za9z-87hq

Summary

Improper Control of Generation of Code ('Code Injection')
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

Aliases

alias	CVE-2011-2732

alias	GHSA-5xm9-rf63-wj7h

Fixed_packages

url pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

Affected_packages

url pkg:maven/org.springframework.security/spring-security-core@2.0.0

purl pkg:maven/org.springframework.security/spring-security-core@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.0

url pkg:maven/org.springframework.security/spring-security-core@2.0.1

purl pkg:maven/org.springframework.security/spring-security-core@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.1

url pkg:maven/org.springframework.security/spring-security-core@2.0.2

purl pkg:maven/org.springframework.security/spring-security-core@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.2

url pkg:maven/org.springframework.security/spring-security-core@2.0.3

purl pkg:maven/org.springframework.security/spring-security-core@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.3

url pkg:maven/org.springframework.security/spring-security-core@2.0.4

purl pkg:maven/org.springframework.security/spring-security-core@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.4

url pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.0

purl pkg:maven/org.springframework.security/spring-security-core@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-w4q4-38gp-m3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0

url pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

References

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2732

reference_id

reference_type

scores

value	0.07155
scoring_system	epss
scoring_elements	0.91582
published_at	2026-04-21T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91561
published_at	2026-04-09T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91565
published_at	2026-04-13T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91567
published_at	2026-04-12T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91587
published_at	2026-04-16T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91583
published_at	2026-04-18T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91521
published_at	2026-04-01T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91528
published_at	2026-04-02T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91534
published_at	2026-04-04T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91542
published_at	2026-04-07T12:55:00Z

value	0.07155
scoring_system	epss
scoring_elements	0.91555
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2732

reference_url

https://github.com/spring-projects/spring-security

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=737617
reference_id	737617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=737617

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security::::::::
reference_id	cpe:2.3:a:vmware:springsource_spring_security::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2732

reference_id

CVE-2011-2732

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2732

reference_url

http://support.springsource.com/security/cve-2011-2732

reference_id

CVE-2011-2732

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.springsource.com/security/cve-2011-2732

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt
reference_id	CVE-2011-2732;OSVDB-75266
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt

reference_url	https://www.securityfocus.com/bid/49535/info
reference_id	CVE-2011-2732;OSVDB-75266
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/49535/info

reference_url

https://github.com/advisories/GHSA-5xm9-rf63-wj7h

reference_id

GHSA-5xm9-rf63-wj7h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5xm9-rf63-wj7h

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

date_added	2011-09-09
description	Spring Security - HTTP Header Injection
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2011-09-09
exploit_type	remote
platform	multiple
source_date_updated	2015-02-20
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/49535/info

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev1k-za9z-87hq

Vulnerability Instance