Lucene search
+L

461 matches found

NVD
NVD
added 2023/12/14 9:15 a.m.11 views

CVE-2023-46750

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS0.01496EPSS
Exploits0References3
OSV
OSV
added 2023/12/14 9:15 a.m.4 views

DEBIAN-CVE-2023-46750

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS6.5AI score0.01496EPSS
Exploits0References1
Prion
Prion
added 2023/12/14 9:15 a.m.13 views

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

5.8CVSS7.3AI score0.01496EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/14 9:15 a.m.4 views

UBUNTU-CVE-2023-46750

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS7.1AI score0.01496EPSS
Exploits0References4
CVE
CVE
added 2023/12/14 8:15 a.m.64 views

CVE-2023-46750

CVE-2023-46750 is an Open Redirect vulnerability in Apache Shiro triggered when using form authentication. Public references in Nessus/Ubuntu advisories and IBM/NCSC entries confirm the issue affects Apache Shiro components and can enable phishing via URL redirection to untrusted sites. The mitig...

6.1CVSS6.6AI score0.01496EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/14 8:15 a.m.8 views

CVE-2023-46750 Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.7AI score0.01496EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/14 8:15 a.m.34 views

CVE-2023-46750 Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.6AI score0.01496EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/12/14 8:15 a.m.22 views

CVE-2023-46750

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS7.1AI score0.01496EPSS
Exploits0
OSV
OSV
added 2023/12/14 8:15 a.m.16 views

CVE-2023-46750 Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

4.7CVSS6.7AI score0.01496EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/12/14 7:31 a.m.34 views

CVE-2023-46750

An "Open-Redirect" flaw was found in the Apache Shiro project. This issue may allow remote attackers to redirect legitimate users to arbitrary web sites containing malware that can compromise the user's machine and conduct phishing attacks to steal the user's credentials. Mitigation Mitigation fo...

6.1CVSS6.2AI score0.01496EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.7 views

Apache Shiro 输入验证错误漏洞

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . Apache Shiro suffers from an open redirect vulnerability that can be exploited by a remote attacker to submit a special uri...

6.1CVSS6.7AI score0.01496EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/12/14 12:0 a.m.22 views

CVE-2023-46750

URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...

6.1CVSS6.8AI score0.01496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.7 views

PT-2023-30183 · Apache +3 · Apache Shiro +3

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.13.0 Apache Shiro versions 2.0.0-alpha-1 through 2.0.0-alpha-3 Description: The issue is related to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apach...

9.8CVSS7.9AI score0.0968EPSS
Exploits1References31
Veracode
Veracode
added 2023/10/13 6:43 p.m.19 views

Authentication Bypass

org.apache.shiro: shiro-spring is vulnerable to Authentication Bypass. The vulnerability is due to different pattern matching techniques between Spring-Boot 2.6+ and Apache Shiro. This can result in an authentication bypass. As a workaround, set the following Spring Boot configuration value:...

7.5CVSS7AI score0.01553EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/25 12:0 a.m.73 views

Apache Shiro < 1.11.0 Authentication Bypass

Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to An...

7.5CVSS7.3AI score0.01553EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/09/08 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-6352-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.48019EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2023/09/07 1:36 a.m.63 views

USN-6352-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to bypass security restrictions. CVE-2020-13933, CVE-2020-17510...

9.8CVSS8AI score0.48019EPSS
Exploits3
OSV
OSV
added 2023/09/07 1:36 a.m.4 views

USN-6352-1 shiro vulnerabilities

It was discovered that Apache Shiro incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to bypass security restrictions. CVE-2020-13933, CVE-2020-17510...

9.8CVSS7.3AI score0.48019EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.9 views

The vulnerability of the Apache Shiro framework, related to the absence of authentication procedures, allows attackers to upload specially created malicious files.

The vulnerability of the Apache Shiro framework is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to download a specially created malware file remotely...

10CVSS7.7AI score0.09056EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.7 views

The vulnerability of the Apache Shiro framework, related to defects in the authentication process, allows attackers to bypass existing security restrictions.

The vulnerability of the Apache Shiro framework is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions from a remote location...

7.5CVSS7.3AI score0.48019EPSS
Exploits3References5Affected Software2
Rows per page
Query Builder