Описание
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00248
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
EPSS
Процентиль: 48%
0.00248
Низкий
5 Medium
CVSS2
Дефекты
CWE-264