Lucene search

Veracode Vulnerability DatabaseVERACODE:25737

HistoryJun 23, 2020 - 2:26 a.m.

Authentication Bypass

2020-06-2302:26:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.016 Low

EPSS

Percentile

87.3%

JSON

Apache Shiro-web is vulnerable to authentication bypass. Lack of proper handling of servletPath parameter in the request allows an attacker to inject malicious string via the request parameter and bypass authentication.

CPENameOperatorVersion
apache shiro :: weble1.5.2
apache shiro :: weble1.5.2

CPE	Name	Operator	Version
	apache shiro :: web	le	1.5.2
	apache shiro :: web	le	1.5.2

References

github.com/apache/shiro/commit/b90f91875e5e18c4805013c2fa0567b1700f5a96

issues.apache.org/jira/browse/SHIRO-753

lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E

lists.apache.org/thread.html/r408fe60bc8fdfd7c74135249d646d7abadb807ebf90f6fd2b014df21@%3Cdev.geode.apache.org%3E

lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E

lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cuser.shiro.apache.org%3E

lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E

lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E

lists.apache.org/thread.html/rcf3d8041e1232201fe5d74fc612a193e435784d64002409b448b58fe@%3Cdev.geode.apache.org%3E

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for VERACODE:25737