CVE-2010-3700
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
EPSS 0.25%
Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
How to fix CVE-2010-3700
To remediate CVE-2010-3700, upgrade the affected package to a fixed version listed below. For the 3.x line, the description above gives 3.0.4 as the first fixed release.
- Maven/org.acegisecurity:acegi-security—no fix listed
- Maven/org.springframework.security:spring-security-core—upgrade to 2.0.6 or later
Is CVE-2010-3700 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Maven/org.acegisecurity:acegi-security: >= 1.0.0, <= 1.0.7
- Maven/org.springframework.security:spring-security-core: >= 2.0.0, < 2.0.6