Vulmon
Apache Shiro vulnerabilities and exploits
7.8
CVSSv3
CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and previous versions and versions 2.9.10 and previous versions, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deser...
Vmware Spring For Apache Kafka
4 Github repositories
7.5
CVSSv3
CVE-2023-22602
When using Apache Shiro prior to 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot <...
Apache Shiro
Vmware Spring Boot 2.6.0
7.5
CVSSv3
CVE-2020-13933
Apache Shiro prior to 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
3 Github repositories
7.5
CVSSv3
CVE-2019-12422
Apache Shiro prior to 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Apache Shiro
6.5
CVSSv3
CVE-2023-46749
Apache Shiro prior to 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this i...
Apache Shiro 2.0.0
Apache Shiro
6.1
CVSSv3
CVE-2023-46750
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
Apache Shiro 2.0.0
Apache Shiro
4.3
CVSSv3
CVE-2023-34050
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provi...
Vmware Spring Advanced Message Queuing Protocol
2 Github repositories
NA
CVE-2010-3863
Apache Shiro prior to 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote malicious users to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp ...
Apache Shiro
Jsecurity Jsecurity 0.9.0
1 EDB exploit
1 Github repository