2 matches found
CVE-2010-3863
CVE-2010-3863 affects Apache Shiro (before 1.1.0) and JSecurity 0.9.x. The root cause is failure to canonicalize URI paths before comparing them to entries in the shiro.ini filter, allowing a remote attacker to bypass access restrictions with crafted requests such as GET /./account/index.jsp. The...
Apache Shiro Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...