CVE-2010-3700
Acegi Security 1.0.0-1.0.7 & Spring Security 2.x<2.0.6/3.x<3.0.4 - Path Parameter Bypass
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
References (6)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/44496
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42024
Various Sources (x_refsource_misc): https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
Various Sources (x_refsource_confirm): http://www.springsource.com/security/cve-2010-3700
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/68931
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/514517/100/0/threaded
Scores
EPSS: 0.0025
EPSS Percentile: 48.0%
Details
CWE: CWE-264
Status: published
Products (22)
acegisecurity/acegi-security 1.0.0
acegisecurity/acegi-security 1.0.1
acegisecurity/acegi-security 1.0.2
acegisecurity/acegi-security 1.0.3
acegisecurity/acegi-security 1.0.4
acegisecurity/acegi-security 1.0.5
acegisecurity/acegi-security 1.0.6
acegisecurity/acegi-security 1.0.7
ibm/websphere_application_server 6.1
ibm/websphere_application_server 7.0
... and 12 more
Published: Oct 29, 2010
Tracked Since: Feb 18, 2026