CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

Date published : 2010-10-29

http://www.securityfocus.com/bid/44496

http://www.securityfocus.com/archive/1/514517/100/0/threaded