VMware SpringSource Spring Security 2.x prior to 2.0.6 and 3.x prior to 3.0.4, and Acegi Security 1.0.0 up to and including 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote malicious users to bypass security constraints via a path parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware springsource_spring_security 2.0.4 |
||
vmware springsource_spring_security 2.0.3 |
||
acegisecurity acegi-security 1.0.4 |
||
acegisecurity acegi-security 1.0.5 |
||
vmware springsource_spring_security 2.0.0 |
||
vmware springsource_spring_security 2.0.5 |
||
acegisecurity acegi-security 1.0.2 |
||
acegisecurity acegi-security 1.0.3 |
||
vmware springsource_spring_security 3.0.0 |
||
vmware springsource_spring_security 3.0.1 |
||
vmware springsource_spring_security 2.0.2 |
||
vmware springsource_spring_security 2.0.1 |
||
acegisecurity acegi-security 1.0.6 |
||
acegisecurity acegi-security 1.0.7 |
||
vmware springsource_spring_security 3.0.2 |
||
vmware springsource_spring_security 3.0.3 |
||
acegisecurity acegi-security 1.0.0 |
||
acegisecurity acegi-security 1.0.1 |
||
ibm websphere_application_server 7.0 |
||
ibm websphere_application_server 6.1 |