MidnightBSD

Advisories for acegisecurity

CVE-2010-3700 MEDIUM

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ibm websphere_application_server 6.1
acegisecurity acegi-security 1.0.5
vmware springsource_spring_security 3.0.3
acegisecurity acegi-security 1.0.2
vmware springsource_spring_security 3.0.0
vmware springsource_spring_security 3.0.1
vmware springsource_spring_security 2.0.5
ibm websphere_application_server 7.0
acegisecurity acegi-security 1.0.6
vmware springsource_spring_security 2.0.4
vmware springsource_spring_security 3.0.2
vmware springsource_spring_security 2.0.2
acegisecurity acegi-security 1.0.7
acegisecurity acegi-security 1.0.4
vmware springsource_spring_security 2.0.3
acegisecurity acegi-security 1.0.3
acegisecurity acegi-security 1.0.1
acegisecurity acegi-security 1.0.0
vmware springsource_spring_security 2.0.0
vmware springsource_spring_security 2.0.1