CVE-2010-3700 Information

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4 and Acegi Security 1.0.0 through 1.0.7 as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0 allows remote attackers to bypass security constraints via a path parameter.

Reference

http://osvdb.org/68931 http://secunia.com/advisories/42024 http://www.securityfocus.com/archive/1/514517/100/0/threaded http://www.securityfocus.com/bid/44496 http://www.springsource.com/security/cve-2010-3700 https://issues.apache.org/bugzilla/show_bug.cgi?id=25015