Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security

GHSA-3295-h9qx-r82x · CVE-2010-3700

Published May 14, 2022 · Modified Dec 5, 2024

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2010-3700
WEB https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
WEB https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes