PT-2010-5011 · VMware+1 · Spring Security+2
John Trollinger · Published 2010-10-29 · Updated 2022-05-14 · CVE-2010-3700
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
VMware SpringSource Spring Security versions 2.x before 2.0.6
VMware SpringSource Spring Security versions 3.x before 3.0.4
Acegi Security versions 1.0.0 through 1.0.7
IBM WebSphere Application Server (WAS) versions 6.1 and 7.0
Description
The issue allows remote attackers to bypass security constraints via a path parameter.
Recommendations
For VMware SpringSource Spring Security versions 2.x before 2.0.6, update to version 2.0.6 or later.
For VMware SpringSource Spring Security versions 3.x before 3.0.4, update to version 3.0.4 or later.
For Acegi Security versions 1.0.0 through 1.0.7, consider upgrading to a newer version of Spring Security.
For IBM WebSphere Application Server (WAS) versions 6.1 and 7.0, update the embedded Spring Security to a fixed version.
Fix
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Acegi Security
Spring Security
IBM WebSphere Application Server