CVE-2010-3700
First published: Fri Oct 29 2010(Updated: )
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Acegi Security | =1.0.0 | |
| Acegi Security | =1.0.1 | |
| Acegi Security | =1.0.2 | |
| Acegi Security | =1.0.3 | |
| Acegi Security | =1.0.4 | |
| Acegi Security | =1.0.5 | |
| Acegi Security | =1.0.6 | |
| Acegi Security | =1.0.7 | |
| VMware Spring Security | =2.0.0 | |
| VMware Spring Security | =2.0.1 | |
| VMware Spring Security | =2.0.2 | |
| VMware Spring Security | =2.0.3 | |
| VMware Spring Security | =2.0.4 | |
| VMware Spring Security | =2.0.5 | |
| VMware Spring Security | =3.0.0 | |
| VMware Spring Security | =3.0.1 | |
| VMware Spring Security | =3.0.2 | |
| VMware Spring Security | =3.0.3 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =6.1 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3700?
CVE-2010-3700 has been classified with a high severity rating due to the risk of unauthorized access.
How do I fix CVE-2010-3700?
To fix CVE-2010-3700, update to Spring Security versions 2.0.6 or 3.0.4 or later, or Acegi Security version 1.0.8.
Who is affected by CVE-2010-3700?
CVE-2010-3700 affects users of Acegi Security versions 1.0.0 through 1.0.7 and VMware Spring Security versions 2.x before 2.0.6 and 3.x before 3.0.4.
What kind of attack can exploit CVE-2010-3700?
CVE-2010-3700 can be exploited by remote attackers to bypass security constraints via manipulated path parameters.
Is CVE-2010-3700 still relevant today?
While CVE-2010-3700 is an older vulnerability, it remains relevant for systems still using affected versions of the software.
- collector/nvd-historical
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/event
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/acegisecurity
- canonical/acegi security
- version/acegi security/1.0.0
- version/acegi security/1.0.1
- version/acegi security/1.0.2
- version/acegi security/1.0.3
- version/acegi security/1.0.4
- version/acegi security/1.0.5
- version/acegi security/1.0.6
- version/acegi security/1.0.7
- vendor/vmware
- canonical/vmware spring security
- version/vmware spring security/2.0.0
- version/vmware spring security/2.0.1
- version/vmware spring security/2.0.2
- version/vmware spring security/2.0.3
- version/vmware spring security/2.0.4
- version/vmware spring security/2.0.5
- version/vmware spring security/3.0.0
- version/vmware spring security/3.0.1
- version/vmware spring security/3.0.2
- version/vmware spring security/3.0.3
- vendor/ibm
- canonical/ibm websphere application server with web server plug-ins
- version/ibm websphere application server with web server plug-ins/6.1
- version/ibm websphere application server with web server plug-ins/7.0