Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allow remote attackers to bypass security constraints via a path parameter.
Remediation
References
http://osvdb.org/68931
http://secunia.com/advisories/42024
http://www.securityfocus.com/archive/1/514517/100/0/threaded
http://www.securityfocus.com/bid/44496
http://www.springsource.com/security/cve-2010-3700
https://issues.apache.org/bugzilla/show_bug.cgi?id=25015