CVE-2010-3700

描述

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

受影響套件(2)

• Maven/org.acegisecurity:acegi-security>= 1.0.0, <= 1.0.7
• Maven/org.springframework.security:spring-security-core>= 2.0.0, < 2.0.6

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-3700
• WEBhttps://issues.apache.org/bugzilla/show_bug.cgi?id=25015
• WEBhttps://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700