Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache shiro vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-17523
Apache Shiro prior to 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
4 Github repositories
7.5
CVSSv2
CVE-2022-32532
Apache Shiro prior to 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Apache Shiro
3 Github repositories
7.5
CVSSv2
CVE-2020-19229
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
Jeesite Jeesite 1.2.7
7.5
CVSSv2
CVE-2021-41303
Apache Shiro prior to 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
7.5
CVSSv2
CVE-2020-17510
Apache Shiro prior to 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2020-11989
Apache Shiro prior to 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
2 Github repositories
7.5
CVSSv2
CVE-2020-1957
Apache Shiro prior to 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 8.0
5
CVSSv2
CVE-2020-13933
Apache Shiro prior to 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
3 Github repositories
5
CVSSv2
CVE-2019-12422
Apache Shiro prior to 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Apache Shiro
5
CVSSv2
CVE-2010-3863
Apache Shiro prior to 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote malicious users to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp ...
Apache Shiro
Jsecurity Jsecurity 0.9.0
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »