Vulnerabilities related to acegisecurity - acegi-security
Vulnerability from fkie_nvd
Published
2010-10-29 19:00
Modified
2025-04-11 00:51
Severity: 5.0 (MEDIUM), CVSS 2.0 vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Summary
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA06D12-CC44-455D-AB77-7DD48B73B621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F849A68-C6CD-49A7-A66E-81A672A01767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C0DF47-9736-41F7-ACCB-713583367CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34562257-61C5-4F8B-A16D-82560E6B6D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD592BAE-7E31-4ACF-8F71-D3955EF6D4F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F41693E-F9B8-4A14-9390-A5736D8CBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB50F4C-3612-42C7-8CF6-1D42B6B54B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BA3BEA-311D-43E1-BA9C-009223339082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B9CDD56-921C-4FAF-87E2-14B91EC1A93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
    },
    {
      "lang": "es",
      "value": "VMware SpringSource Spring Security v2.x anterior a v2.0.6 y v3.x anterior a v3.0.4, y Acegi Security v1.0.0 hasta v1.0.7, como el usado en IBM WebSphere Application Server (WAS) v6.1 y v7.0, permite a los atacantes remotos evitar las restricciones de seguridad a trav\u00e9s de un par\u00e1metro de ruta."
    }
  ],
  "id": "CVE-2010-3700",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-29T19:00:02.247",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/68931"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42024"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/44496"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.springsource.com/security/cve-2010-3700"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/68931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.springsource.com/security/cve-2010-3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3700 (GCVE-0-2010-3700)
Vulnerability from cvelistv5
Published
2010-10-29 18:00
Modified
2024-08-07 03:18
Severity ?
CWE
  • n/a
Summary
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
References
http://www.securityfocus.com/bid/44496 vdb-entry, x_refsource_BID
http://secunia.com/advisories/42024 third-party-advisory, x_refsource_SECUNIA
https://issues.apache.org/bugzilla/show_bug.cgi?id=25015 x_refsource_MISC
http://www.springsource.com/security/cve-2010-3700 x_refsource_CONFIRM
http://osvdb.org/68931 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/514517/100/0/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44496"
          },
          {
            "name": "42024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42024"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.springsource.com/security/cve-2010-3700"
          },
          {
            "name": "68931",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68931"
          },
          {
            "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "44496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44496"
        },
        {
          "name": "42024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42024"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.springsource.com/security/cve-2010-3700"
        },
        {
          "name": "68931",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68931"
        },
        {
          "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-3700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44496"
            },
            {
              "name": "42024",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42024"
            },
            {
              "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015",
              "refsource": "MISC",
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
            },
            {
              "name": "http://www.springsource.com/security/cve-2010-3700",
              "refsource": "CONFIRM",
              "url": "http://www.springsource.com/security/cve-2010-3700"
            },
            {
              "name": "68931",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68931"
            },
            {
              "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3700",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-10-01T00:00:00",
    "dateUpdated": "2024-08-07T03:18:52.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}