
CVE-2010-3863

Published: 05/11/2010 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Shiro prior to 1.1.0, and JSecurity 0.9.x, do not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote malicious users to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Vulnerable Product

apache shiro

jsecurity jsecurity 0.9.0

Exploits

source: www.securityfocus.com/bid/44616/info. Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Apache Shiro 1.0.0 is vulnerable; other versions may be affe ...
Apache Shiro version 1.0.0-incubating suffers from an information disclosure vulnerability. Shiro's path-based filter chain mechanism did not normalize request paths before performing path-matching logic. The result is that Shiro filter chain matching logic was susceptible to potential path traversal attacks ...

Github Repositories

Personal notes on learning Java security

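JavaSec study notes 📝 Ramblings: a repository for storing my notes on learning Java security. I write whatever comes to mind and my writing is clumsy, so treat it as a reference only. If it happens to help you too, feel free to leave a ⭐️. Some reasons (excuses) for the slow updates: building up the fundamentals of domain penetration; some non-Java code audits. Table of contents ├── 00-JavaSE │   ├── 0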