CVE-2023-46749

Published: 15/01/2024 Updated: 22/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Apache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting.

Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

Vulnerable Product

apache shiro 2.0.0

apache shiro

Vendor Advisories

Debian Bug report logs - #1060754 shiro: CVE-2023-46749
Package: src:shiro; Maintainer for src:shiro is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 13 Jan 2024 16:51:04 UTC
Severity: important
Tags: security, upstream
Found ...

Description: A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass.

Mailing Lists

oss-sec mailing list archives
CVE-2023-46749: Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an au ...