Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2020-17510

Published: 05/11/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Shiro prior to 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache shiro

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2020-17523 CVE-2020-17510 CVE-2020-11989
Debian Bug report logs - #988728 CVE-2020-17523 CVE-2020-17510 CVE-2020-11989 Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 18 May 2021 18:39:02 UTC Severity: important Tags: security ...

Mailing Lists

Full Disclosure: [CVE-2020-17510] Apache Shiro Authentication Bypass Vulnerability
Apache Shiro before 170, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass If you are NOT using Shiro’s Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the ShiroRequestMappingConfig auto configuration[1] to your application or configure the equivalent manuall ...

References

CWE-287https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/08/msg00002.htmlhttps://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0%40%3Cdev.shiro.apache.org%3Ehttps://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac%40%3Cdev.shiro.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988728https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2012-1823malicious code‎CVE-2024-5770CVE-2023-45866CVE-2024-35687local usersCVE-2024-31246CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook