Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Remediation
References
https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
http://www.securityfocus.com/bid/44496
http://osvdb.org/68931
http://www.springsource.com/security/cve-2010-3700
http://secunia.com/advisories/42024
http://www.securityfocus.com/archive/1/514517/100/0/threaded
Related Vulnerabilities
CVE-2011-3376 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2015-5253 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-saml
CVE-2012-1833 Vulnerability in maven package org.grails:grails-core
CVE-2014-0096 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2015-1806 Vulnerability in maven package org.jenkins-ci.main:jenkins-core