Lucene search
RedhatCVE-2014-0074HistoryOct 06, 2014 - 2:55 p.m.
CVE-2014-0074
2014-10-0614:55:08
CWE-287
redhat
web.nvd.nist.gov
37
cve-2014-0074
apache shiro
ldap
authentication bypass
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
High
EPSS
0.006
Percentile
79.4%
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Affected configurations
Node
apacheshiroMatch1.0.0
ORapacheshiroMatch1.1.0
ORapacheshiroMatch1.2.0
ORapacheshiroMatch1.2.1
ORapacheshiroMatch1.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | shiro | 1.0.0 | cpe:2.3:a:apache:shiro:1.0.0:*:*:*:*:*:*:* |
| apache | shiro | 1.1.0 | cpe:2.3:a:apache:shiro:1.1.0:*:*:*:*:*:*:* |
| apache | shiro | 1.2.0 | cpe:2.3:a:apache:shiro:1.2.0:*:*:*:*:*:*:* |
| apache | shiro | 1.2.1 | cpe:2.3:a:apache:shiro:1.2.1:*:*:*:*:*:*:* |
| apache | shiro | 1.2.2 | cpe:2.3:a:apache:shiro:1.2.2:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2014-0074
2014-10-06 14:55:08
nvd
nvd
CVE-2014-0074
2014-10-06 14:55:08
prion
prion
Authentication flaw
2014-10-06 14:55:00
cvelist
cvelist
CVE-2014-0074
2014-10-06 14:00:00
redhat
redhat
(RHSA-2014:1351) Important: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
2014-10-01 18:06:06
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
High
EPSS
0.006
Percentile
79.4%
Related for CVE-2014-0074