Published: 17/08/2020 Updated: 05/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Shiro prior to 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache shiro

Vendor Advisories

Debian Bug report logs - #968753 CVE-2020-13933 Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 20 Aug 2020 21:51:02 UTC Severity: important Tags: security, upstream Reply or subsc ...

Github Repositories


Hi there, I'm EXP I'm a developer from China, and this is the place where I opensource stuff I’m currently working on VSCode I’m currently rebuilding my Blog Site I’m currently learning K8S, GraphQL and ZT Ask me about anything here This week I spent my free time on Programming 26 hrs oo

CVE-2020-13933 靶场: shiro < 1.6.0 认证绕过漏洞

CVE-2020-13933 靶场 shiro &lt; 160 认证绕过漏洞 PoC 127001:8080/res/%3bpoc 分析断点位置 spring-web-525RELEASEjar // orgspringframeworkwebutilUrlPathHelperjava // line 459 private String decodeAndCleanUriString(HttpServletRequest request, String uri) { uri = removeSemicolonContent(uri); uri = decodeRequestString(request, uri);

cve-2020-13933 apache shiro权限绕过漏洞

cve-2020-13933- cve-2020-13933 apache shiro权限绕过漏洞

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745