Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-13933

🗓️ 17 Aug 2020 20:19:53Reported by apacheType 
cve
 cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 157 Views🌐 WEB

Apache Shiro < 1.6.0 allows authentication bypass via crafted HTTP request

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2020-13933
9 Sep 202010:20
githubexploit
GithubExploit		Exploit for CVE-2020-13933
9 Sep 202010:20
githubexploit
IBM Security Bulletins		Security Bulletin: Apache Shiro as used by Master Console is vulnerable to improper acceess control (CVE-2020-13933)
18 Nov 202021:15
ibm
IBM Security Bulletins		Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
24 Sep 202116:54
ibm
IBM Security Bulletins		Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities
14 Oct 202121:21
ibm
Tenable Nessus		Apache Shiro < 1.6.0 Authentication Bypass
1 Jun 202200:00
nessus
Tenable Nessus		Debian DLA-2726-1 : shiro - LTS security update
5 Aug 202100:00
nessus
Tenable Nessus		Ubuntu 18.04 ESM / 20.04 LTS : Apache Shiro vulnerabilities (USN-6352-1)
7 Sep 202300:00
nessus
Tenable Nessus		Linux Distros Unpatched Vulnerability : CVE-2020-13933
27 Aug 202500:00
nessus
Circl		CVE-2020-13933
24 Jan 202322:52
circl
Rows per page
NVD
Vulners
Node
apacheshiroRange<1.6.0
Node
debiandebian_linuxMatch9.0
[
  {
    "product": "Apache Shiro",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Shiro before version 1.6.0"
      }
    ]
  }
]
SourceLink
listswww.lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129%40%3Cdev.shiro.apache.org%3E
listswww.lists.debian.org/debian-lts-announce/2021/08/msg00002.html
listswww.lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d%40%3Cdev.shiro.apache.org%3E
listswww.lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198%40%3Cdev.geode.apache.org%3E
listswww.lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4%40%3Cdev.shiro.apache.org%3E
Rows per page
ParameterPositionPathDescriptionCWE
namepathres/{name}Requests resources named name that trigger identity verification (potential authentication bypass when crafted path).
namepathres/pocPoC resource request that triggers identity verification bypass when a specific resource is requested.
namepathres/%3bpocEncoded-poof resource request (path contains %3b) to trigger authentication handling bypass.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:02Current
7.5High risk
Vulners AI Score7.5
CVSS 25
CVSS 3.17.5
EPSS0.8093
apache shirocve-2020-13933authentication bypassnvd
157