CVE-2010-3700

Sažetak

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Reference

http://osvdb.org/68931
http://secunia.com/advisories/42024
http://www.securityfocus.com/archive/1/514517/100/0/threaded
http://www.securityfocus.com/bid/44496
http://www.springsource.com/security/cve-2010-3700
https://issues.apache.org/bugzilla/show_bug.cgi?id=25015

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

10-10-2018 - 20:05

Objavljeno

29-10-2010 - 19:00