Vulnerability Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acegisecurity | Acegi-Security | 1.0.0 |
| VMware | SpringSource Spring Security | 2.0.0 |
| IBM | WebSphere Application Server | 6.1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/68931
- http://secunia.com/advisories/42024
- http://www.securityfocus.com/archive/1/514517/100/0/threaded
- http://www.securityfocus.com/bid/44496
- http://www.springsource.com/security/cve-2010-3700
- https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
FAQ
What is CVE-2010-3700?
CVE-2010-3700 is a vulnerability with a CVSS score of 5.0 (MEDIUM). VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attacker...
How severe is CVE-2010-3700?
CVE-2010-3700 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3700?
Check the references section above for vendor advisories and patch information. Affected products include: Acegisecurity Acegi-Security, VMware SpringSource Spring Security, IBM WebSphere Application Server.