4 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)
org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...
br.net.woodstock.rockframework:rockframework-domain (>=1.2.1 <=1.2.2), com.force.sdk:force-springsecurity (>=22.0.2-BETA <=22.0.9-BETA) +30 more potentially affected by CVE-2010-3700 via org.springframework.security:spring-security-core (>=3.0.0.RELEASE <=3.0.3.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.0.0.RELEASE, =1.2.1, =22.0.2-BETA, =1.2.0, =1.1, =1.2-1, =3.49, =1.4.5.1, =2.4.0, =2.4.0, =1.20, =1.6, =1.6, =1.6, =3.9.SS3, =3.19.SS3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...
CVE-2010-3700
CVE-2010-3700 affects Spring Security (SpringSource) 2.x up to 2.0.5 and 3.x up to 3.0.3, and Acegi Security 1.0.0–1.0.7, notably when used in IBM WebSphere Application Server 6.1/7.0. The root cause is that URL path parameters are not consistently excluded from getPathInfo(), allowing an attacke...
Spring Security Security Constraint Bypass
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...