460 matches found
Apache Shiro Information Disclosure Vulnerability
Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . An information disclosure vulnerability exists in Apache Shiro versions 1.0.0 through 1.2.4, which stem...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Recent assessments: sv3nbeast at April 17, 2020 12:15pm UTC reported: ...
Important: Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 Patch 6 on Rollup Patch 1, which addresses three security issues, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
DEBIAN-CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
Authentication flaw
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
CVE-2014-0074
CVE-2014-0074 affects Apache Shiro 1.x before 1.2.3 when an LDAP server allows unauthenticated binds, enabling bypass of authentication. The Red Hat advisory RHSA-2014:1369 notes this issue is addressed in Fuse ESB Enterprise/MQ Enterprise 7.1.0 with Rollup Patch 1 (7.1.0 R1 P6). The vulnerabilit...
CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
Application Security With Apache Shiro : Java security framework
Application Security With Apache Shiro : Java security framework Are you frustrated when you try to secure your applications? Do you feel existing Java security solutions are difficult to use and only confuse you further? Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of...
Apache Shiro URI Path Security Directory Traversal Information Disclosure
The version of the Apache Shiro open source security framework running on the remote web server is affected by an error in the path-based filter chain mechanism due to a failure to properly normalize URI paths before comparing them with entries in the shiro.ini file. An unauthenticated, remote...
CVE-2010-3863
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...
Design/Logic Flaw
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...
CVE-2010-3863
CVE-2010-3863 affects Apache Shiro (before 1.1.0) and JSecurity 0.9.x. The root cause is failure to canonicalize URI paths before comparing them to entries in the shiro.ini filter, allowing a remote attacker to bypass access restrictions with crafted requests such as GET /./account/index.jsp. The...
Apache Shiro protection bypass
Protection bypass via directory traversal...
Apache Shiro Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...
CVE-2010-3863: Apache Shiro information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...
Apache Shiro - Directory Traversal
Apache Shiro - Directory Traversal source: https://www.securityfocus.com/bid/44616/info Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that coul...
Apache Shiro - Directory Traversal
source: https://www.securityfocus.com/bid/44616/info Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Apache...