CVE-2022-32532

Published: 29/06/2022 Updated: 08/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Apache Shiro prior to 1.9.1, a RegexRequestMatcher can be misconfigured so that it is bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Vulnerable Product

apache shiro

Vendor Advisories

Debian Bug report logs - #1014820 shiro: CVE-2022-32532. Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Tue, 12 Jul 2022 14:36:04 UTC; Severity: important; Tags: security, upstream ...
Apache Shiro before 1.9.1: a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass ...

Github Repositories

2022HW漏洞 (2022 HW vulnerabilities)

2022 HW vulnerabilities. 网御 security gateway weak-password vulnerability. Vulnerability description: CNVD-2022-43128. Vulnerability details: the 网御 security gateway has a weak-password vulnerability; an attacker can exploit it to obtain sensitive information. 网御 firewall system information-disclosure vulnerability. Vulnerability description: CNVD-2022-48610. Vulnerability details: the 网御 firewall system has an information-disclosure vulnerability; an attacker can exploit it to obtain sensitive information. 明御We

Apache Shiro CVE-2022-32532

CVE-2022-32532. About: This is a demo project, which only shows one of the conditions for exploiting this vulnerability (CVE-2022-32532). In fact, there are more ways to exploit it; as long as developers use RegExPatternMatcher, there will be a possible bypass vulnerability. Introduce: Token request header verification is required under the current configuration, otherwise you do