CVE-2011-2732 PoC — Spring Security RunAsManager CRLF Injection Vulnerability

Associated Vulnerability
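Title: Spring Security RunAsManager CRLF Injection Vulnerability (CVE-2011-2732)
Description: Pivotal Software Spring Security is a security framework from the US company Pivotal Software that provides declarative security for Spring-based applications. A CRLF injection vulnerability exists in the logout functionality of VMware SpringSource Spring Security versions before 2.0.7 and 3.0.x versions before 3.0.6. Through the 'spring-security-redirect' parameter, a remote attacker can exploit this vulnerability to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.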
File Snapshot

[4.0K] /data/pocs/aca1a88236c6ad1a5fd285209fc1d0d581a3aadf
0 directories, 0 files