Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-3700 Vulnerability in maven package org.springframework.security:spring-security-core

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Remediation

References

http://osvdb.org/68931

http://secunia.com/advisories/42024

http://www.securityfocus.com/archive/1/514517/100/0/threaded

http://www.securityfocus.com/bid/44496

http://www.springsource.com/security/cve-2010-3700

https://issues.apache.org/bugzilla/show_bug.cgi?id=25015

Related Vulnerabilities

CVE-2014-3576 Vulnerability in maven package org.apache.activemq:activemq-broker

CVE-2011-5062 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2016-3084 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

CVE-2014-2058 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-264