Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allow remote attackers to bypass security constraints via a path parameter.
Remediation
References
https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
http://www.securityfocus.com/bid/44496
http://osvdb.org/68931
http://www.springsource.com/security/cve-2010-3700
http://secunia.com/advisories/42024
http://www.securityfocus.com/archive/1/514517/100/0/threaded
Related Vulnerabilities
CVE-2011-1582 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2010-3700 Vulnerability in maven package org.springframework.security:spring-security-web
CVE-2014-3416 Vulnerability in maven package org.jasig.portal:uportal-war
CVE-2014-0107 Vulnerability in maven package xalan:xalan
CVE-2014-3558 Vulnerability in maven package org.hibernate:hibernate-validator