
John Trollinger

#49588 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2010-5011
5.0
2010-10-29
Vmware · Spring Security · CVE-2010-3700
**Name of the Vulnerable Software and Affected Versions**

- VMware SpringSource Spring Security versions 2.x before 2.0.6
- VMware SpringSource Spring Security versions 3.x before 3.0.4
- Acegi Security versions 1.0.0 through 1.0.7
- IBM WebSphere Application Server (WAS) versions 6.1 and 7.0

**Description**

The issue allows remote attackers to bypass security constraints via a path parameter.

**Recommendations**

- For VMware SpringSource Spring Security versions 2.x before 2.0.6, update to version 2.0.6 or later.
- For VMware SpringSource Spring Security versions 3.x before 3.0.4, update to version 3.0.4 or later.
- For Acegi Security versions 1.0.0 through 1.0.7, consider upgrading to a newer version of Spring Security.
- For IBM WebSphere Application Server (WAS) versions 6.1 and 7.0, update the embedded Spring Security to a fixed version.