Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shiro vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-41303
Apache Shiro prior to 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
802
VMScore
CVE-2020-17523
Apache Shiro prior to 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
4 Github repositories
670
VMScore
CVE-2020-17510
Apache Shiro prior to 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
446
VMScore
CVE-2020-13933
Apache Shiro prior to 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 9.0
3 Github repositories
668
VMScore
CVE-2020-11989
Apache Shiro prior to 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
2 Github repositories
672
VMScore
CVE-2020-1957
Apache Shiro prior to 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro
Debian Debian Linux 8.0
446
VMScore
CVE-2019-12422
Apache Shiro prior to 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Apache Shiro
445
VMScore
CVE-2018-20437
An issue exists in the fileDownload function in the CommonController class in FEBS-Shiro prior to 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of thi...
Mrbird Febs-shiro
505
VMScore
CVE-2010-3863
Apache Shiro prior to 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote malicious users to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp ...
Apache Shiro
Jsecurity Jsecurity 0.9.0
1 EDB exploit
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2