CVE-2010-3700:acegi-security, springsource_spring_security, websphere_application_server: VMware SpringSource Spring Security 2.x before 2.0....

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3700

acegi-security, springsource_spring_security, websphere_application_server: VMware SpringSource Spring Security 2.x before 2.0....

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3700

Original

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-29

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-01

Affected Product Tags

cpe:/a:acegisecurity:acegi-security:1.0.0

cpe:/a:acegisecurity:acegi-security:1.0.1

cpe:/a:acegisecurity:acegi-security:1.0.2

cpe:/a:acegisecurity:acegi-security:1.0.3

cpe:/a:acegisecurity:acegi-security:1.0.4

cpe:/a:acegisecurity:acegi-security:1.0.5

cpe:/a:acegisecurity:acegi-security:1.0.6

cpe:/a:acegisecurity:acegi-security:1.0.7

cpe:/a:ibm:websphere_application_server:6.1

cpe:/a:ibm:websphere_application_server:7.0

cpe:/a:vmware:springsource_spring_security:2.0.0

cpe:/a:vmware:springsource_spring_security:2.0.1

cpe:/a:vmware:springsource_spring_security:2.0.2

cpe:/a:vmware:springsource_spring_security:2.0.3

cpe:/a:vmware:springsource_spring_security:2.0.4

cpe:/a:vmware:springsource_spring_security:2.0.5

cpe:/a:vmware:springsource_spring_security:3.0.0

cpe:/a:vmware:springsource_spring_security:3.0.1

cpe:/a:vmware:springsource_spring_security:3.0.2

cpe:/a:vmware:springsource_spring_security:3.0.3

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 44496

BUGTRAQ 20101027 CVE-2010-3700: Spring Security bypass of security constraints

MISC https://issues.apache.org/bugzilla/show_bug.cgi?id=25015

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)