PT-2010-5011 · Vmware+1 · Spring Security+2

John Trollinger · Published 2010-10-29 · Updated 2022-05-14 · CVE-2010-3700

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

VMware SpringSource Spring Security versions 2.x before 2.0.6
VMware SpringSource Spring Security versions 3.x before 3.0.4
Acegi Security versions 1.0.0 through 1.0.7
IBM WebSphere Application Server (WAS) versions 6.1 and 7.0

Description

The issue allows remote attackers to bypass security constraints via a path parameter.

Recommendations

For VMware SpringSource Spring Security versions 2.x before 2.0.6, update to version 2.0.6 or later.
For VMware SpringSource Spring Security versions 3.x before 3.0.4, update to version 3.0.4 or later.
For Acegi Security versions 1.0.0 through 1.0.7, consider upgrading to a newer version of Spring Security.
For IBM WebSphere Application Server (WAS) versions 6.1 and 7.0, update the embedded Spring Security to a fixed version.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related identifiers

CVE-2010-3700
GHSA-3295-H9QX-R82X

Affected products

Acegi Security
Spring Security
IBM WebSphere Application Server