Lucene search

[email protected]NVD:CVE-2010-3700

HistoryOct 29, 2010 - 7:00 p.m.

CVE-2010-3700

2010-10-2919:00:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

77.1%

JSON

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Affected configurations

Nvd

Node

acegisecurityacegi-securityMatch1.0.0

acegisecurityacegi-securityMatch1.0.1

acegisecurityacegi-securityMatch1.0.2

acegisecurityacegi-securityMatch1.0.3

acegisecurityacegi-securityMatch1.0.4

acegisecurityacegi-securityMatch1.0.5

acegisecurityacegi-securityMatch1.0.6

acegisecurityacegi-securityMatch1.0.7

vmwarespringsource_spring_securityMatch2.0.0

vmwarespringsource_spring_securityMatch2.0.1

vmwarespringsource_spring_securityMatch2.0.2

vmwarespringsource_spring_securityMatch2.0.3

vmwarespringsource_spring_securityMatch2.0.4

vmwarespringsource_spring_securityMatch2.0.5

vmwarespringsource_spring_securityMatch3.0.0

vmwarespringsource_spring_securityMatch3.0.1

vmwarespringsource_spring_securityMatch3.0.2

vmwarespringsource_spring_securityMatch3.0.3

AND

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch7.0

References

osvdb.org/68931

secunia.com/advisories/42024

www.securityfocus.com/archive/1/514517/100/0/threaded

www.securityfocus.com/bid/44496

www.springsource.com/security/cve-2010-3700

issues.apache.org/bugzilla/show_bug.cgi?id=25015

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

77.1%

JSON

Related for NVD:CVE-2010-3700

prion1 cve1 securityvulns2 packetstorm1 osv1 github1 cvelist1