All the vulnerabilities related to vmware - springsource_spring_security
Vulnerability from fkie_nvd
Published
2010-10-29 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
acegisecurity | acegi-security | 1.0.0 | |
acegisecurity | acegi-security | 1.0.1 | |
acegisecurity | acegi-security | 1.0.2 | |
acegisecurity | acegi-security | 1.0.3 | |
acegisecurity | acegi-security | 1.0.4 | |
acegisecurity | acegi-security | 1.0.5 | |
acegisecurity | acegi-security | 1.0.6 | |
acegisecurity | acegi-security | 1.0.7 | |
vmware | springsource_spring_security | 2.0.0 | |
vmware | springsource_spring_security | 2.0.1 | |
vmware | springsource_spring_security | 2.0.2 | |
vmware | springsource_spring_security | 2.0.3 | |
vmware | springsource_spring_security | 2.0.4 | |
vmware | springsource_spring_security | 2.0.5 | |
vmware | springsource_spring_security | 3.0.0 | |
vmware | springsource_spring_security | 3.0.1 | |
vmware | springsource_spring_security | 3.0.2 | |
vmware | springsource_spring_security | 3.0.3 | |
ibm | websphere_application_server | 6.1 | |
ibm | websphere_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDA06D12-CC44-455D-AB77-7DD48B73B621", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F849A68-C6CD-49A7-A66E-81A672A01767", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "28C0DF47-9736-41F7-ACCB-713583367CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "34562257-61C5-4F8B-A16D-82560E6B6D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD592BAE-7E31-4ACF-8F71-D3955EF6D4F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F41693E-F9B8-4A14-9390-A5736D8CBB9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CEB50F4C-3612-42C7-8CF6-1D42B6B54B3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "60BA3BEA-311D-43E1-BA9C-009223339082", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B9CDD56-921C-4FAF-87E2-14B91EC1A93D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter." 
}, { "lang": "es", "value": "VMware SpringSource Spring Security v2.x anterior a v2.0.6 y v3.x anterior a v3.0.4, y Acegi Security v1.0.0 hasta v1.0.7, como el usado en IBM WebSphere Application Server (WAS) v6.1 y v7.0, permite a los atacantes remotos evitar las restricciones de seguridad a trav\u00e9s de un par\u00e1metro de ruta." } ], "id": "CVE-2010-3700", "lastModified": "2024-11-21T01:19:25.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-29T19:00:02.247", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/68931" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42024" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/44496" }, { "source": "secalert@redhat.com", "url": "http://www.springsource.com/security/cve-2010-3700" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44496" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.springsource.com/security/cve-2010-3700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-05 17:55
Modified
2024-11-21 01:43
Severity ?
Summary
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.springsource.com/security/CVE-2012-5055 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.springsource.com/security/CVE-2012-5055 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | springsource_spring_security | * | |
vmware | springsource_spring_security | 2.0.0 | |
vmware | springsource_spring_security | 2.0.1 | |
vmware | springsource_spring_security | 2.0.2 | |
vmware | springsource_spring_security | 2.0.3 | |
vmware | springsource_spring_security | 2.0.4 | |
vmware | springsource_spring_security | 2.0.5 | |
vmware | springsource_spring_security | 3.0.0 | |
vmware | springsource_spring_security | 3.0.1 | |
vmware | springsource_spring_security | 3.0.2 | |
vmware | springsource_spring_security | 3.0.3 | |
vmware | springsource_spring_security | 3.0.4 | |
vmware | springsource_spring_security | 3.0.5 | |
vmware | springsource_spring_security | 3.1.1 | |
vmware | springsource_spring_security | 3.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8", "versionEndIncluding": "2.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F42E395-9775-4F37-90EF-9AD2B0FF7CD0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "86B12DA8-FFBF-4BCA-8485-18083BA1D827", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C9F1EA7-CFE0-41AE-9A17-6DACD04F17EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests." }, { "lang": "es", "value": "DaoAuthenticationProvider en VMware SpringSource Spring Security antes de v2.0.8, v3.0.x antes de v3.0.8, y v3.1.x antes de v3.1.3 no comprueba la contrase\u00f1a si el usuario no se encuentra, lo que hace que la respuesta de retardo sea menor y podr\u00eda permitir a atacantes remotos para enumerar los nombres de usuario v\u00e1lidos a trav\u00e9s de una serie de solicitudes de inicio de sesi\u00f3n." 
} ], "id": "CVE-2012-5055", "lastModified": "2024-11-21T01:43:56.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-05T17:55:01.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/CVE-2012-5055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/CVE-2012-5055" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-05 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | springsource_spring_security | * | |
vmware | springsource_spring_security | * | |
vmware | springsource_spring_security | 2.0.0 | |
vmware | springsource_spring_security | 2.0.1 | |
vmware | springsource_spring_security | 2.0.2 | |
vmware | springsource_spring_security | 2.0.3 | |
vmware | springsource_spring_security | 2.0.4 | |
vmware | springsource_spring_security | 2.0.5 | |
vmware | springsource_spring_security | 3.0.0 | |
vmware | springsource_spring_security | 3.0.1 | |
vmware | springsource_spring_security | 3.0.2 | |
vmware | springsource_spring_security | 3.0.3 | |
vmware | springsource_spring_security | 3.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8", "versionEndIncluding": "2.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE", "versionEndIncluding": "3.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread." }, { "lang": "es", "value": "Condici\u00f3n de carrera en el mecanismo RunAsManager en Mware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 almacena el objeto Authentication en el contexto de seguridad compartida, lo que permite a atacantes remotos ganar privilegios a trav\u00e9s de un hilo manipulado." } ], "id": "CVE-2011-2731", "lastModified": "2024-11-21T01:28:51.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-05T17:55:01.460", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55155" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/cve-2011-2731" }, { "source": "secalert@redhat.com", "url": 
"http://www.securitytracker.com/id/1029151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/cve-2011-2731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029151" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-05 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | springsource_spring_security | * | |
vmware | springsource_spring_security | * | |
vmware | springsource_spring_security | 2.0.0 | |
vmware | springsource_spring_security | 2.0.1 | |
vmware | springsource_spring_security | 2.0.2 | |
vmware | springsource_spring_security | 2.0.3 | |
vmware | springsource_spring_security | 2.0.4 | |
vmware | springsource_spring_security | 2.0.5 | |
vmware | springsource_spring_security | 3.0.0 | |
vmware | springsource_spring_security | 3.0.1 | |
vmware | springsource_spring_security | 3.0.2 | |
vmware | springsource_spring_security | 3.0.3 | |
vmware | springsource_spring_security | 3.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8", "versionEndIncluding": "2.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE", "versionEndIncluding": "3.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de secuencias CRLF en la funcionalidad de logout en VMware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s del par\u00e1metro spring-security-redirect." 
} ], "id": "CVE-2011-2732", "lastModified": "2024-11-21T01:28:51.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-05T17:55:01.537", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/cve-2011-2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.springsource.com/security/cve-2011-2732" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-5055
Vulnerability from cvelistv5
Published
2012-12-05 17:00
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
References
▼ | URL | Tags |
---|---|---|
http://support.springsource.com/security/CVE-2012-5055 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:18.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.springsource.com/security/CVE-2012-5055" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-05T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.springsource.com/security/CVE-2012-5055" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.springsource.com/security/CVE-2012-5055", "refsource": "CONFIRM", "url": "http://support.springsource.com/security/CVE-2012-5055" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5055", "datePublished": "2012-12-05T17:00:00Z", "dateReserved": "2012-09-21T00:00:00Z", "dateUpdated": "2024-09-16T23:11:00.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2731
Vulnerability from cvelistv5
Published
2012-12-05 17:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
References
▼ | URL | Tags |
---|---|---|
http://support.springsource.com/security/cve-2011-2731 | x_refsource_CONFIRM | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814 | x_refsource_MISC | |
http://secunia.com/advisories/55155 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id/1029151 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.springsource.com/security/cve-2011-2731" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "name": "55155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55155" }, { "name": "1029151", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-11T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.springsource.com/security/cve-2011-2731" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "name": "55155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55155" }, { "name": "1029151", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029151" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2731", "datePublished": "2012-12-05T17:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2732
Vulnerability from cvelistv5
Published
2012-12-05 17:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
References
▼ | URL | Tags |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814 | x_refsource_MISC | |
http://support.springsource.com/security/cve-2011-2732 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.springsource.com/security/cve-2011-2732" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-05T17:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.springsource.com/security/cve-2011-2732" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2732", "datePublished": "2012-12-05T17:00:00Z", "dateReserved": "2011-07-11T00:00:00Z", "dateUpdated": "2024-08-06T23:08:23.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3700
Vulnerability from cvelistv5
Published
2010-10-29 18:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
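VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. The stated ranges imply that Spring Security 2.0.6 and 3.0.4 are the first releases carrying the fix; the record names no fixed Acegi Security release. The structured `affected` entry in the record below is `n/a`, so version matching for this CVE has to rely on this description rather than on machine-readable product data.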
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/44496 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/42024 | third-party-advisory, x_refsource_SECUNIA |
| https://issues.apache.org/bugzilla/show_bug.cgi?id=25015 | x_refsource_MISC |
| http://www.springsource.com/security/cve-2010-3700 | x_refsource_CONFIRM |
| http://osvdb.org/68931 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/514517/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44496", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/44496" }, { "name": "42024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42024" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.springsource.com/security/cve-2010-3700" }, { "name": "68931", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/68931" }, { "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "44496", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44496" }, { "name": "42024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42024" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.springsource.com/security/cve-2010-3700" }, { "name": "68931", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/68931" }, { "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "44496", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44496" }, { "name": "42024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42024" }, { "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015", "refsource": "MISC", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "name": "http://www.springsource.com/security/cve-2010-3700", "refsource": "CONFIRM", "url": "http://www.springsource.com/security/cve-2010-3700" }, { "name": "68931", "refsource": "OSVDB", "url": "http://osvdb.org/68931" }, { "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3700", "datePublished": "2010-10-29T18:00:00", "dateReserved": "2010-10-01T00:00:00", "dateUpdated": "2024-08-07T03:18:52.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }