A header injection flaw was found in the way Spring Security processed the value of the 'spring-security-redirect' parameter during user logout. The parameter value was placed into the redirect's HTTP Location header without being checked for CR/LF characters. A remote attacker could provide a specially crafted logout URL which, once visited by a valid user of an application built on Spring Security, could allow the attacker to inject additional HTTP headers into the response or to split the response (HTTP response splitting).
Sample PoC (from ):
A logout link such as
could be used to inject the header
into the response.
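The mechanism described above, as an added example that is not Spring Security's code or the original PoC: a constructed stand-in for a logout handler copies the decoded parameter into the Location header of a raw HTTP/1.1 302, a minimal parser shows what a client or proxy then sees, and a hardened version rejects CR/LF and anything that is not a site-relative path. The payload strings, the helper names and the host evil.example are assumptions made for the example.

```python
"""Added example (not Spring Security code): simulate a logout handler that copies
a redirect parameter into the Location header, show the header injection and
response splitting that a CRLF in the value causes, and the check that prevents it."""
from urllib.parse import unquote, urlsplit

# Parameter name from the advisory; the handler below is a constructed stand-in for
# a servlet that hands the raw value to response.sendRedirect() / setHeader().
REDIRECT_PARAM = "spring-security-redirect"


def logout_redirect_unsafe(query_value: str) -> bytes:
    """Build the raw 302 a naive handler would emit. The container has already
    URL-decoded the parameter (simulated with unquote), so %0d%0a becomes a
    literal CRLF and lands inside the header block unchanged."""
    target = unquote(query_value)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def parse_response(raw: bytes):
    """Minimal HTTP/1.1 response parser, as a client or proxy would read it:
    status line, header dict, and whatever follows the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode()] = value.strip().decode()
    return lines[0].decode(), headers, body


def validate_redirect_target(query_value: str) -> str:
    """Hardened version: decode, then accept only a plain site-relative path.
    The CR/LF check must run on the decoded string and before urlsplit(),
    which silently strips \\r, \\n and \\t from its input."""
    target = unquote(query_value)
    if any(c in target for c in "\r\n\x00"):
        raise ValueError("control character in redirect target")
    parts = urlsplit(target)
    # No scheme or host (blocks open redirects), must start with a single "/"
    if parts.scheme or parts.netloc or not target.startswith("/") or target.startswith("//"):
        raise ValueError("redirect target must be a site-relative path")
    return target


def logout_redirect_safe(query_value: str) -> bytes:
    """Same 302, but only after the target has passed validation."""
    target = validate_redirect_target(query_value)
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    ).encode("latin-1")


# Constructed payloads in the shape the advisory describes: a logout link whose
# redirect parameter carries an encoded CRLF (assumed values, not the original PoC).
INJECT_HEADER = "/%0d%0aSet-Cookie:%20JSESSIONID%3dattacker"
SPLIT_RESPONSE = "/%0d%0aContent-Type:%20text/html%0d%0a%0d%0a<html>attacker%20content</html>"

if __name__ == "__main__":
    _, hdrs, _ = parse_response(logout_redirect_unsafe(INJECT_HEADER))
    print("injected header:", hdrs.get("Set-Cookie"))
    _, _, body = parse_response(logout_redirect_unsafe(SPLIT_RESPONSE))
    print("attacker-controlled body:", body.split(b"\r\n")[0])
    for value in (INJECT_HEADER, SPLIT_RESPONSE, "http://evil.example/", "/home"):
        try:
            print("accepted:", logout_redirect_safe(value).split(b"\r\n")[1])
        except ValueError as err:
            print("rejected:", value, "->", err)
```

The split payload ends the real response's header block early, so the handler's own Content-Length header ends up in the body the client sees; with a fixed-length second response an attacker can make a proxy cache the injected page. The validation above rejects the value rather than encoding it, which also closes the open-redirect case (an absolute URL or a protocol-relative "//host" target) that a CRLF-only filter would leave open.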
Not vulnerable. This issue affects the Spring Security package, which is not shipped with any Red Hat products.