461 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-41303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to...
CVE-2020-19229
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards ...
Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...
Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a vulnerability in Cassandra Reaper
Summary Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
Ubuntu: Security Advisory (USN-7147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7147-1: Apache Shiro vulnerabilities
It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An attacker could possibly use this issue to obtain sensitive information or administrative privileges. This update provides the corresponding fix for Ubuntu 24.04 LTS and...
Ubuntu 16.04 LTS / 24.04 LTS / 24.10 : Apache Shiro vulnerabilities (USN-7147-1)
The remote Ubuntu 16.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7147-1 advisory. It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An...
USN-7139-1 shiro vulnerability
It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
USN-7139-1: Apache Shiro vulnerability
It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
Ubuntu 16.04 LTS : Apache Shiro vulnerability (USN-7139-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7139-1 advisory. It was discovered that Apache Shiro used a static cipher within the Remember Me feature inside authentication by default. An attacker could possibly use this issu...
shiro: path traversal attack may lead to authentication bypass
A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass...
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack (CVE-2023-34478)
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable directory traversal due to Apache Shiro (CVE-2023-34478)
Summary IBM Sterling Partner Engagement Manager uses Apache Shiro. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34478 DESCRIPTION: Apache Shiro could allow a remote authenticated attacker to traverse directories on the system, cause...
The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications, related to interpretation conflicts, allows attackers to bypass authentication procedures.
The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures using a specially crafted HTTP reques...
IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)
The version of IBM Engineering Requirements Management DOORS formerly IBM Rational DOORS installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory. - Apache Shiro before 1.9.1, A RegexRequestMatcher can b...
Security Bulletin: Vulnerability in Apache Shiro affects IBM WebSphere Service Registry and Repository
Summary A bypass access restrictions vulnerability in Apache Shiro CVE-2023-22602 affects IBM WebSphere Service Registry and Repository. This bulletin identifies the steps to take to address this vulnerability. Vulnerability Details CVEID:CVE-2023-22602 DESCRIPTION: Apache Shiro could allow a...
Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository
Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...