Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/43864?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43864?format=api", "vulnerability_id": "VCID-7kpg-9qh6-c7e6", "summary": "Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security\nVMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.", "aliases": [ { "alias": "CVE-2010-3700" }, { "alias": "GHSA-3295-h9qx-r82x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63018?format=api", "purl": "pkg:maven/org.acegisecurity/acegi-security@1.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.acegisecurity/acegi-security@1.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/63116?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63117?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63017?format=api", "purl": "pkg:maven/org.acegisecurity/acegi-security@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kpg-9qh6-c7e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.acegisecurity/acegi-security@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63114?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ru-qm8a-skg3" }, { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-7kpg-9qh6-c7e6" }, { "vulnerability": "VCID-gmn5-ykw3-cqf4" }, { "vulnerability": "VCID-m3ht-28wc-yyeg" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63115?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kpg-9qh6-c7e6" }, { "vulnerability": "VCID-gmn5-ykw3-cqf4" }, { "vulnerability": "VCID-uxfq-rj43-a7bd" }, { "vulnerability": "VCID-zb97-bzya-4uek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0" } ], "references": [ { "reference_url": "http://osvdb.org/68931", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/68931" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4824", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3700" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "reference_url": "https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3700", "reference_id": "CVE-2010-3700", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3700" }, { "reference_url": "http://www.springsource.com/security/cve-2010-3700", "reference_id": "CVE-2010-3700", "reference_type": "", "scores": [], "url": "http://www.springsource.com/security/cve-2010-3700" }, { "reference_url": "https://github.com/advisories/GHSA-3295-h9qx-r82x", "reference_id": "GHSA-3295-h9qx-r82x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3295-h9qx-r82x" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 264, "name": "Permissions, Privileges, and Access Controls", "description": "Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 288, "name": "Authentication Bypass Using an Alternate Path or Channel", "description": "A product requires authentication, but the product has an alternate path or channel that does not require authentication." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kpg-9qh6-c7e6" }