649 matches found
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
UBUNTU-CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
CVE-2016-6802
CVE-2016-6802 affects Apache Shiro prior to 1.3.2. The issue allows bypass of intended servlet filters by leveraging a non-root servlet context path, enabling an attacker to gain access. The risk and exploit details are limited in the provided documents; the core vulnerability is a path/filters b...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
PT-2016-7118 · Apache +2 · Apache Shiro +2
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.3.2 Description: The issue allows attackers to bypass intended servlet filters and gain access by leveraging the use of a non-root servlet context path. Recommendations: For versions prior to 1.3.2, update to...
Apache Shiro Security Bypass Vulnerability
Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . A remote security bypass vulnerability exists in Apache Shiro. An attacker could exploit this...
[SECURITY] Fedora 25 Update: shiro-1.3.2-1.fc25
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session managemen t, single sign-on and cryptography services...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
Java Deserialization Vulnerability in Apache Shiro
Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . Apache Shiro suffers from a Java deserialization vulnerability. An attacker can exploit the vulnerabili...
Shiro RememberMe Deserialization Command Execution Vulnerability
Apache Shiro is the top project of the Apache Software Foundation, the preferred authorization verification, authorization, cryptography, and session management framework in Java applications. The JIRA for Apache Shiro mentions a security vulnerability in cookie management in Shrio. Under the rig...
Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability
Author: rungobier 知道创宇404安全实验室 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地,在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面,我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先,需要获取 Apache Shiro 存在漏洞的源代码,具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...
SOL23374214 - Apache Shiro vulnerability CVE-2016-4437
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
DEBIAN-CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
Code injection
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
UBUNTU-CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...