Published: 14/01/2023 Updated: 07/11/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

When using Apache Shiro prior to 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache shiro
vmware spring_boot 2.6.0

Synopsis Critical: Red Hat Fuse 712 release and security update Type/Severity Security Advisory: Critical Topic A minor version update (from 711 to 712) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as h ...

Debian Bug report logs - #1029039 shiro: CVE-2023-22602 Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 16 Jan 2023 19:36:01 UTC Severity: normal Tags: security, upstream Reply or ...

CWE-436 https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl https://access.redhat.com/errata/RHSA-2023:3954 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-22602

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect