exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed


Spring Security Security Constraint Bypass
Posted Oct 28, 2010
Authored by SpringSource Security Team

Spring Security does not consider URL path parameters when processing security constraints. By adding an URL path parameter to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed.

tags | exploit, root, bypass
advisories | CVE-2010-3700
SHA-256 | 429e4cf5e844ee3703c922909bb8c267c6740efb53e7fb37de08a3f14ccacd09
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By