Lucene search
+L

649 matches found

OSV
OSV
added 2016/09/20 7:59 p.m.5 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5CVSS7.5AI score
Exploits0References3
OSV
OSV
added 2016/09/20 7:59 p.m.7 views

UBUNTU-CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5CVSS7.1AI score0.0968EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2016/09/20 7:0 p.m.43 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5CVSS7.6AI score0.0968EPSS
Exploits1
CVE
CVE
added 2016/09/20 7:0 p.m.77 views

CVE-2016-6802

CVE-2016-6802 affects Apache Shiro prior to 1.3.2. The issue allows bypass of intended servlet filters by leveraging a non-root servlet context path, enabling an attacker to gain access. The risk and exploit details are limited in the provided documents; the core vulnerability is a path/filters b...

7.5CVSS7.4AI score0.0968EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2016/09/20 7:0 p.m.26 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5AI score0.0968EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2016/09/20 12:0 a.m.3 views

PT-2016-7118 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.3.2 Description: The issue allows attackers to bypass intended servlet filters and gain access by leveraging the use of a non-root servlet context path. Recommendations: For versions prior to 1.3.2, update to...

9.8CVSS8.1AI score0.0968EPSS
Exploits1References26
CNVD
CNVD
added 2016/09/19 12:0 a.m.4 views

Apache Shiro Security Bypass Vulnerability

Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . A remote security bypass vulnerability exists in Apache Shiro. An attacker could exploit this...

7.5CVSS7.2AI score0.0968EPSS
Exploits1References1
Fedora
Fedora
added 2016/09/17 10:35 p.m.35 views

[SECURITY] Fedora 25 Update: shiro-1.3.2-1.fc25

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session managemen t, single sign-on and cryptography services...

7.5CVSS2.7AI score0.0968EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2016/09/14 7:48 a.m.18 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5CVSS5.4AI score0.0968EPSS
Exploits1References1
CNVD
CNVD
added 2016/08/09 12:0 a.m.2 views

Java Deserialization Vulnerability in Apache Shiro

Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . Apache Shiro suffers from a Java deserialization vulnerability. An attacker can exploit the vulnerabili...

8.2AI score
Exploits0References1
CNVD
CNVD
added 2016/08/04 12:0 a.m.2 views

Shiro RememberMe Deserialization Command Execution Vulnerability

Apache Shiro is the top project of the Apache Software Foundation, the preferred authorization verification, authorization, cryptography, and session management framework in Java applications. The JIRA for Apache Shiro mentions a security vulnerability in cookie management in Shrio. Under the rig...

6.8AI score
Exploits0References1
seebug.org
seebug.org
added 2016/07/25 12:0 a.m.37 views

Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability

Author: rungobier 知道创宇404安全实验室 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地,在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面,我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先,需要获取 Apache Shiro 存在漏洞的源代码,具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...

6.9AI score
Exploits0
F5 Networks
F5 Networks
added 2016/07/07 12:0 a.m.72 views

SOL23374214 - Apache Shiro vulnerability CVE-2016-4437

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.4AI score0.92988EPSS
Exploits9References4
NVD
NVD
added 2016/06/07 2:6 p.m.37 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS8.4AI score0.92988EPSS
Exploits9References8
OSV
OSV
added 2016/06/07 2:6 p.m.2 views

DEBIAN-CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS9.4AI score0.92988EPSS
Exploits9References1
OSV
OSV
added 2016/06/07 2:6 p.m.11 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS9.8AI score0.92988EPSS
Exploits9References8
Prion
Prion
added 2016/06/07 2:6 p.m.25 views

Code injection

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

6.8CVSS8.2AI score0.92988EPSS
Exploits9References7Affected Software1
UbuntuCve
UbuntuCve
added 2016/06/07 2:6 p.m.38 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS7.2AI score0.92988EPSS
Exploits9References3
OSV
OSV
added 2016/06/07 2:6 p.m.6 views

UBUNTU-CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS6.2AI score0.92988EPSS
Exploits9References4
Debian CVE
Debian CVE
added 2016/06/07 2:0 p.m.51 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS9AI score0.92988EPSS
Exploits9
Rows per page
Query Builder