Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache shiro vulnerabilities and exploits
(subscribe to this query)
802
VMScore
CVE-2020-17523
Apache Shiro prior to 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
4 Github repositories
672
VMScore
CVE-2020-1957
Apache Shiro prior to 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 8.0
670
VMScore
CVE-2020-17510
Apache Shiro prior to 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
668
VMScore
CVE-2022-32532
Apache Shiro prior to 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Apache Shiro
3 Github repositories
668
VMScore
CVE-2020-19229
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
Jeesite Jeesite 1.2.7
668
VMScore
CVE-2021-41303
Apache Shiro prior to 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
668
VMScore
CVE-2020-11989
Apache Shiro prior to 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
2 Github repositories
505
VMScore
CVE-2010-3863
Apache Shiro prior to 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote malicious users to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp ...
Apache Shiro
Jsecurity Jsecurity 0.9.0
1 EDB exploit
1 Github repository
446
VMScore
CVE-2020-13933
Apache Shiro prior to 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
3 Github repositories
446
VMScore
CVE-2019-12422
Apache Shiro prior to 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Apache Shiro
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »