Lucene search
K

460 matches found

CNVD
CNVD
added 2016/06/07 12:0 a.m.2 views

Apache Shiro Information Disclosure Vulnerability

Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . An information disclosure vulnerability exists in Apache Shiro versions 1.0.0 through 1.2.4, which stem...

9.8CVSS9AI score0.93143EPSS
Exploits9References1
ATTACKERKB
ATTACKERKB
added 2016/06/07 12:0 a.m.169 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Recent assessments: sv3nbeast at April 17, 2020 12:15pm UTC reported: ...

9.8CVSS9.2AI score0.93143EPSS
In wildExploits9References8
RedHat Linux
RedHat Linux
added 2014/10/09 4:7 p.m.62 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update

Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 Patch 6 on Rollup Patch 1, which addresses three security issues, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

7.5CVSS7.3AI score0.13809EPSS
Exploits4References6
NVD
NVD
added 2014/10/06 2:55 p.m.19 views

CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.5CVSS7.1AI score0.05487EPSS
Exploits1References3
OSV
OSV
added 2014/10/06 2:55 p.m.5 views

CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.3AI score
Exploits0References4
OSV
OSV
added 2014/10/06 2:55 p.m.2 views

DEBIAN-CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.5CVSS7.4AI score0.05487EPSS
Exploits1References1
Prion
Prion
added 2014/10/06 2:55 p.m.18 views

Authentication flaw

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.5CVSS7.6AI score0.05487EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/10/06 2:0 p.m.70 views

CVE-2014-0074

CVE-2014-0074 affects Apache Shiro 1.x before 1.2.3 when an LDAP server allows unauthenticated binds, enabling bypass of authentication. The Red Hat advisory RHSA-2014:1369 notes this issue is addressed in Fuse ESB Enterprise/MQ Enterprise 7.1.0 with Rollup Patch 1 (7.1.0 R1 P6). The vulnerabilit...

7.5CVSS8.8AI score0.05487EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/10/06 2:0 p.m.24 views

CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.1AI score0.05487EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2014/10/06 2:0 p.m.33 views

CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...

7.5CVSS8.8AI score0.05487EPSS
Exploits1
The Hacker News
The Hacker News
added 2012/02/02 6:43 a.m.15 views

Application Security With Apache Shiro : Java security framework

Application Security With Apache Shiro : Java security framework Are you frustrated when you try to secure your applications? Do you feel existing Java security solutions are difficult to use and only confuse you further? Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/11/15 12:0 a.m.572 views

Apache Shiro URI Path Security Directory Traversal Information Disclosure

The version of the Apache Shiro open source security framework running on the remote web server is affected by an error in the path-based filter chain mechanism due to a failure to properly normalize URI paths before comparing them with entries in the shiro.ini file. An unauthenticated, remote...

5CVSS5.7AI score0.54799EPSS
Exploits2References2
NVD
NVD
added 2010/11/05 5:0 p.m.28 views

CVE-2010-3863

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...

5CVSS6.5AI score0.54799EPSS
Exploits2References7
Prion
Prion
added 2010/11/05 5:0 p.m.20 views

Design/Logic Flaw

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...

5CVSS7.1AI score0.54799EPSS
Exploits2References7Affected Software2
CVE
CVE
added 2010/11/05 4:28 p.m.98 views

CVE-2010-3863

CVE-2010-3863 affects Apache Shiro (before 1.1.0) and JSecurity 0.9.x. The root cause is failure to canonicalize URI paths before comparing them to entries in the shiro.ini filter, allowing a remote attacker to bypass access restrictions with crafted requests such as GET /./account/index.jsp. The...

5CVSS6.5AI score0.54799EPSS
Exploits2References7Affected Software2
securityvulns
securityvulns
added 2010/11/04 12:0 a.m.52 views

Apache Shiro protection bypass

Protection bypass via directory traversal...

5CVSS4.6AI score0.54799EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2010/11/04 12:0 a.m.78 views

Apache Shiro Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...

5CVSS6.6AI score0.54799EPSS
Exploits2
securityvulns
securityvulns
added 2010/11/04 12:0 a.m.141 views

CVE-2010-3863: Apache Shiro information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...

5CVSS5.8AI score0.54799EPSS
Exploits2
exploitpack
exploitpack
added 2010/11/02 12:0 a.m.18 views

Apache Shiro - Directory Traversal

Apache Shiro - Directory Traversal source: https://www.securityfocus.com/bid/44616/info Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that coul...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2010/11/02 12:0 a.m.66 views

Apache Shiro - Directory Traversal

source: https://www.securityfocus.com/bid/44616/info Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Apache...

7.4AI score
Exploits0
Rows per page
Query Builder