Page 2 of 17 results (0.006 seconds)

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1

CVE-2022-32532 – Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2022-32532

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En Apache Shiro versiones anteriores a 1.9.1, Un RegexRequestMatcher puede ser configurado inapropiadamente para ser evitado en algunos contenedores de servlets. Las aplicaciones usando RegExPatternMatcher con "." en la expresión regular son posiblemente vulnerables a una omisión de autorización • https://github.com/Lay0us/CVE-2022-32532 https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 33%CPEs: 3EXPL: 0

CVE-2021-41303 – Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

https://notcve.org/view.php?id=CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. Apache Shiro versiones anteriores a 1.8.0, cuando es usado Apache Shiro con Spring Boot, una petición HTTP especialmente diseñada puede causar una omisión de autenticación. Los usuarios deben actualizar a Apache Shiro versión 1.8.0 • https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E https://security.netapp.com/advisory/ntap-20220609-0001 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 36%CPEs: 1EXPL: 0

CVE-2020-17523

https://notcve.org/view.php?id=CVE-2020-17523

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.7.1, cuando se usa Apache Shiro con Spring, una petición HTTP especialmente diseñada puede causar una omisión de autenticación • https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235%40%3Cgitbox.activemq.apache.org%3E https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d%40 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0

CVE-2020-17510 – shiro: specially crafted HTTP request may cause an authentication bypass

https://notcve.org/view.php?id=CVE-2020-17510

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.7.0, cuando se usa Apache Shiro con Spring, una petición HTTP especialmente diseñada puede causar una omisión de autenticación A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6%40%3Canno • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-13933 – shiro: specially crafted HTTP request may cause an authentication bypass

https://notcve.org/view.php?id=CVE-2020-13933

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. Apache Shiro versiones anteriores a 1.6.0, cuando se usa Apache Shiro, una petición HTTP especialmente diseñada puede causar una omisión de autenticación. A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality. • https://github.com/EXP-Docs/CVE-2020-13933 https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198%40%3Cdev.geode.apache.org%3E https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread • CWE-287: Improper Authentication •