Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Remediation

References

https://issues.apache.org/bugzilla/show_bug.cgi?id=25015

http://www.securityfocus.com/bid/44496

http://osvdb.org/68931

http://www.springsource.com/security/cve-2010-3700

http://secunia.com/advisories/42024

http://www.securityfocus.com/archive/1/514517/100/0/threaded

Related Vulnerabilities

CVE-2012-1833 Vulnerability in maven package org.grails:grails-plugin-controllers

CVE-2012-5885 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2014-0050 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2012-5885 Vulnerability in maven package tomcat:catalina

CVE-2016-8629 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Critical

Classification

CWE-264