Lucene search
+L

461 matches found

BDU FSTEC
BDU FSTEC
added 2024/01/19 12:0 a.m.11 views

The vulnerability of the Apache Shiro framework, related to defects in pathname restriction for restricted directories, allows attackers to bypass the authentication process.

The vulnerability of the Apache Shiro framework is related to shortcomings in the mechanism for restricting access to restricted directories. Exploiting this vulnerability allows a malicious actor to bypass authentication processes by sending specially crafted requests...

5.8CVSS6.8AI score0.01177EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/01/16 5:48 a.m.24 views

Path Traversal

Apache Shiro is vulnerable to Path Traversal Vulnerability. The vulnerability is due to improper validation and sanitization of respective path before processing. This issue can be exploited by an attacker to perform authentication bypass...

6.5CVSS7.2AI score0.01177EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/01/15 12:30 p.m.7 views

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +496 more potentially affected by CVE-2023-46749 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.12.0)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =5.1.0, =5.1.0, =5.1.0, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =2.2.0, =2.2.0, =2.2.0, =2.3.1 and more Source cves: CVE-2023-46749 Source advisory: OSV:GHSA-JC7H-C423-MPJC...

6.5CVSS6.5AI score0.01177EPSS
Exploits0
OSV
OSV
added 2024/01/15 12:30 p.m.31 views

GHSA-JC7H-C423-MPJC Apache Shiro vulnerable to path traversal

Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS6.9AI score0.01177EPSS
Exploits0References3
NVD
NVD
added 2024/01/15 10:15 a.m.27 views

CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS6.7AI score0.01177EPSS
Exploits0References2
Prion
Prion
added 2024/01/15 10:15 a.m.21 views

Path traversal

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

4CVSS7.3AI score0.01177EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/15 9:57 a.m.5 views

CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.6AI score0.01177EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/01/15 9:57 a.m.56 views

CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS7.1AI score0.01177EPSS
Exploits0
Cvelist
Cvelist
added 2024/01/15 9:57 a.m.33 views

CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.8AI score0.01177EPSS
Exploits0References1
OSV
OSV
added 2024/01/15 9:57 a.m.22 views

CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS5.9AI score0.01177EPSS
Exploits0References4
CVE
CVE
added 2024/01/15 9:57 a.m.107 views

CVE-2023-46749

CVE-2023-46749 affects Apache Shiro prior to 1.13.0 or 2.0.0-alpha-4, where path traversal used with path rewriting can lead to authentication bypass. This is triggered when combined with path rewriting, enabling attackers to bypass login checks. Mitigation options from multiple sources include u...

6.5CVSS6.5AI score0.01177EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/15 12:0 a.m.39 views

CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...

6.5CVSS6.8AI score0.01177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/12 9:30 p.m.45 views

CVE-2023-46749

A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass. Mitigation This flaw can be mitigated by making sure 'blockSemicolon' is enabled...

6.5CVSS6.3AI score0.01177EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.6 views

Apache Shiro Path Traversal Vulnerability

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation in the United States. A path traversal vulnerability exists in Apache Shiro versions prior to 1.130, prior to 2.0.0-alpha-4, which stems fr...

6.5CVSS6.8AI score0.01177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.3 views

PT-2024-1139 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions 1.13.0 and earlier, or 2.0.0-alpha-4 and earlier Description: The issue is related to a path traversal attack that can result in an authentication bypass when used together with path rewriting. This can allow a remote...

9.8CVSS8AI score0.0968EPSS
Exploits1References27
Veracode
Veracode
added 2023/12/18 6:11 a.m.26 views

Open Redirect

Apache Shiro is vulnerable to Open Redirect. The vulnerability is due to improper sanitization and validation on URL redirection when form authentication is used. This issue can be exploited by an attacker to redirect user to untrusted sites...

6.1CVSS6.9AI score0.01496EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2023/12/18 12:0 a.m.14 views

Apache Shiro Open Redirect Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . Apache Shiro suffers from an open redirect vulnerability that can be exploited by a remote attacker to submit a special uri...

6.1CVSS6.6AI score0.01496EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/12/14 9:30 a.m.4 views

cloud.opencode.base:opencode-base-token (=1.0.0), io.github.junxworks:junx-ep-auth (>=2.0.0 <=2.1.0) +11 more potentially affected by CVE-2023-46750 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.0.0-alpha-3)

org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-3 Source cves: CVE-2023-46750 Source advisory: OSV:GHSA-HHW5-C326-822H...

6.1CVSS6.7AI score0.01496EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/12/14 9:30 a.m.26 views

Open redirect in Apache Shiro

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS6.5AI score0.01496EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/12/14 9:30 a.m.14 views

GHSA-HHW5-C326-822H Open redirect in Apache Shiro

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS6.5AI score0.01496EPSS
Exploits0References7
Rows per page
Query Builder