CVE-2010-3700 – Spring Security Security Constraint Bypass

https://notcve.org/view.php?id=CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. VMware SpringSource Spring Security v2.x anterior a v2.0.6 y v3.x anterior a v3.0.4, y Acegi Security v1.0.0 hasta v1.0.7, como el usado en IBM WebSphere Application Server (WAS) v6.1 y v7.0, permite a los atacantes remotos evitar las restricciones de seguridad a través de un parámetro de ruta. Spring Security does not consider URL path parameters when processing security constraints. By adding an URL path parameter to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). • http://osvdb.org/68931 http://secunia.com/advisories/42024 http://www.securityfocus.com/archive/1/514517/100/0/threaded http://www.securityfocus.com/bid/44496 http://www.springsource.com/security/cve-2010-3700 https://issues.apache.org/bugzilla/show_bug.cgi?id=25015 • CWE-264: Permissions, Privileges, and Access Controls •