NA

CVE-2020-1957

Published: 25/03/2020 Updated: 17/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Shiro prior to 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache shiro

Vendor Advisories

Debian Bug report logs - #955018 shiro: CVE-2020-1957 Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 26 Mar 2020 20:42:01 UTC Severity: important Tags: security, upstream Found in ...

Mailing Lists

The Shiro team is pleased to announce the release of Apache Shiro version 152 This security release contains 3 fixes since the 151 release and is available for Download now [1] CVE-2020-1957: Apache Shiro before 152, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authenticatio ...

Github Repositories

Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

本项目仅用于安全研究,禁止使用本项目发起非法攻击,造成的后果使用者负责 这是一个个人用于复现、公开一些感兴趣、或者影响稍大的漏洞的项目,没有多少技术含量,权当个人技术笔记。 fastjson 该模块主要记录一些fastjson的利用gadget,不过很多gadget并没有记录在案。 RCE相关 package

离线文档库

Experience-library 离线文档库 在网上收集的有意义的文章 在本地学习 勿喷 下载慢用这个:giteecom/atdpa4sw0rd/Experience-librarygit <<<<<<< HEAD 20200617 22:42 更新文章 1浅谈渗透江湖之细水柔情pdf 2渗透测试之黑白无常pdf 3xss注入pdf 4渗透技巧