CVE-2010-3700: Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security

May 14, 2022 (updated July 8, 2022)

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

References

osvdb.org/68931
www.springsource.com/security/cve-2010-3700
github.com/advisories/GHSA-3295-h9qx-r82x
issues.apache.org/bugzilla/show_bug.cgi?id=25015
nvd.nist.gov/vuln/detail/CVE-2010-3700

Code Behaviors & Features

Detect and mitigate CVE-2010-3700 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →