9
CVSSv2

CVE-2020-17523

Published: 03/02/2021 Updated: 17/02/2021
CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Summary

Apache Shiro prior to 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

Most Upvoted Vulmon Research Post

Apache Shiro very easy to exploit authentication bypass vulnerability. Use blank characters such as spaces to bypass shiro authentication: http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/ https://github.com/jweny/shiro-cve-2020-17523

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache shiro

Mailing Lists

The Shiro team is pleased to announce the release of Apache Shiro version 171 This security release contains 1 fix since the 170 release and is available for Download now [1] Bug [SHIRO-797] - Shiro 170 is lower than using springboot version 207 dependency error CVE-2020-17523: Apache Shiro before 171, when using Apache Shiro ...

Github Repositories

shiro-cve-2020-17523 漏洞分析

Apache Shiro 认证绕过分析(CVE-2020-17523) 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一

分类和整理自己看过的所有文章,方便知识体系的建立和查漏补缺

SecurityArticleLogger 分类和整理自己看过的所有文章,方便知识体系的建立和查漏补缺 PS内容存档后面我放在了印象笔记的剪藏 红队相关 12021213-域渗透之滥用SPN mappings 内容图片存档 2攻击者如何使用Kerberos Silver Ticket来利用系统 内容图片存档 Java相关 Apache Shiro 两种姿势绕过认证分析