CVE-2010-3700

EPSS 0.25%

Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security

Published: 5/14/2022Modified: 12/5/2024

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Affected packages (2)

Maven/org.acegisecurity:acegi-security>= 1.0.0, <= 1.0.7
Maven/org.springframework.security:spring-security-core>= 2.0.0, < 2.0.6

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-3700
WEBhttps://issues.apache.org/bugzilla/show_bug.cgi?id=25015
WEBhttps://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700