CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-46749 – Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
https://notcve.org/view.php?id=CVE-2023-46749
15 Jan 2024 — Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default). Apache Shiro anterior a 1.130 o 2.0.0-alpha-4 puede ser susceptible a un ataque de path traversal que da como resultado una omisión de autenticación cuando se usa junto con path rewriting. Mitigación: actualice a Apach... • https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-46750 – Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.
https://notcve.org/view.php?id=CVE-2023-46750
14 Dec 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") cuando se utiliza la autenticación de "formulario" en Apache Shiro. Mitigación: actualice a Apache Shiro 1.13.0+ o 2.0.0-alpha-4+. URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache S... • https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34478 – Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.
https://notcve.org/view.php?id=CVE-2023-34478
24 Jul 2023 — Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ Apache Shiro, antes de 1.12.0 o 2.0.0-alpha-3, puede ser susceptible a un ataque de Path Traversal que resulta en una omisión de autenticación cuando se usa junto con API u otros marcos web que enrutan solicitud... • http://www.openwall.com/lists/oss-security/2023/07/24/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22602 – Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request
https://notcve.org/view.php?id=CVE-2023-22602
14 Jan 2023 — When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` Cuando se utiliza Apache Shiro ante... • https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl • CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2022-40664 – Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
https://notcve.org/view.php?id=CVE-2022-40664
12 Oct 2022 — Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. Apache Shiro versiones anteriores a 1.10.0, una vulnerabilidad de Omisión de Autenticación en Shiro cuando es reenviado o es incluida por medio de RequestDispatcher • http://www.openwall.com/lists/oss-security/2022/10/12/1 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2022-32532 – Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-32532
28 Jun 2022 — Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En Apache Shiro versiones anteriores a 1.9.1, Un RegexRequestMatcher puede ser configurado inapropiadamente para ser evitado en algunos contenedores de servlets. Las aplicaciones usando RegExPatternMatcher con "." en la expresión regular son posiblemente vulnerables a una ... • https://github.com/Lay0us/CVE-2022-32532 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 13%CPEs: 3EXPL: 0CVE-2021-41303 – Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
https://notcve.org/view.php?id=CVE-2021-41303
17 Sep 2021 — Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. Apache Shiro versiones anteriores a 1.8.0, cuando es usado Apache Shiro con Spring Boot, una petición HTTP especialmente diseñada puede causar una omisión de autenticación. Los usuarios deben actualizar a Apache Shiro versión 1.8.0 • https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 34%CPEs: 1EXPL: 1CVE-2020-17523
https://notcve.org/view.php?id=CVE-2020-17523
03 Feb 2021 — Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.7.1, cuando se usa Apache Shiro con Spring, una petición HTTP especialmente diseñada puede causar una omisión de autenticación • https://github.com/jweny/shiro-cve-2020-17523 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2020-17510 – shiro: specially crafted HTTP request may cause an authentication bypass
https://notcve.org/view.php?id=CVE-2020-17510
05 Nov 2020 — Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.7.0, cuando se usa Apache Shiro con Spring, una petición HTTP especialmente diseñada puede causar una omisión de autenticación A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and... • https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129%40%3Cdev.shiro.apache.org%3E • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-13933 – shiro: specially crafted HTTP request may cause an authentication bypass
https://notcve.org/view.php?id=CVE-2020-13933
17 Aug 2020 — Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.6.0, cuando se usa Apache Shiro, una petición HTTP especialmente diseñada puede causar una omisión de autenticación. A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality. • https://github.com/EXP-Docs/CVE-2020-13933 • CWE-287: Improper Authentication •