Vulnerability Details CVE-2010-3700
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://osvdb.org/68931
- http://secunia.com/advisories/42024
- http://www.securityfocus.com/archive/1/514517/100/0/threaded
- http://www.securityfocus.com/bid/44496
- http://www.springsource.com/security/cve-2010-3700
- https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
- http://osvdb.org/68931
- http://secunia.com/advisories/42024
- http://www.securityfocus.com/archive/1/514517/100/0/threaded
- http://www.securityfocus.com/bid/44496
- http://www.springsource.com/security/cve-2010-3700
- https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
Products affected by CVE-2010-3700
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.0
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.1
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.2
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.3
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.4
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.5
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.6
-
cpe:2.3:a:acegisecurity:acegi-security:1.0.7
-
cpe:2.3:a:ibm:websphere_application_server:6.1
-
cpe:2.3:a:ibm:websphere_application_server:7.0
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.0
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.1
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.2
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.3
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.4
-
cpe:2.3:a:vmware:springsource_spring_security:2.0.5
-
cpe:2.3:a:vmware:springsource_spring_security:3.0.0
-
cpe:2.3:a:vmware:springsource_spring_security:3.0.1
-
cpe:2.3:a:vmware:springsource_spring_security:3.0.2
-
cpe:2.3:a:vmware:springsource_spring_security:3.0.3