Lucene search
Veracode Vulnerability DatabaseVERACODE:32170HistorySep 20, 2021 - 10:05 a.m.
Authentication Bypass
2021-09-2010:05:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.269 Low
EPSS
Percentile
96.8%
Apache Shiro Web is vulnerable to authentication bypass. An unhandled HTTP request causes an authentication bypass while using it with Spring Boot.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache shiro :: web | le | 1.7.1 | |
| apache shiro :: web | le | 1.7.1 |
References
github.com/apache/shiro/commit/55deabc919bb02fc9f09e5f9930b80142be4a5fe
github.com/apache/shiro/commit/b40c3d690232de03460c395665c36803379bef0c
issues.apache.org/jira/browse/SHIRO-216
lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E
lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
security.netapp.com/advisory/ntap-20220609-0001/
www.oracle.com/security-alerts/cpujul2022.html
Related
nvd
nvd
CVE-2021-41303
2021-09-17 09:15:09
redhatcve
redhatcve
CVE-2021-41303
2021-09-20 19:39:08
cve
cve
CVE-2021-41303
2021-09-17 09:15:09
osv
osv
CVE-2021-41303
2021-09-17 09:15:09
debiancve
debiancve
CVE-2021-41303
2021-09-17 09:15:09
cvelist
cvelist
nessus
nessus
Apache Shiro < 1.8.0 Authentication Bypass
2022-06-01 00:00:00
ubuntucve
ubuntucve
CVE-2021-41303
2021-09-17 00:00:00
prion
prion
Authentication flaw
2021-09-17 09:15:00
github
github
cnvd
cnvd
APACHE SHIRO authentication bypass vulnerability
2021-09-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00