Lucene search
+L

11 matches found

vulnersosv
vulnersosv
added 2021/05/07 3:53 p.m.3 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +2748 more potentially affected by CVE-2020-11989 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.5.2)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.0, =0.1, =0.1, =0.1, =0.2 and more Source cves: CVE-2020-11989 Source advisory: OSV:GHSA-72W9-FCJ5-3FCG...

9.8CVSS7.2AI score0.24436EPSS
Exploits1
nessus
nessus
added 2021/03/23 12:0 a.m.40 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache Shiro vulnerabilities (USN-4740-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4740-1 advisory. It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication...

9.8CVSS8.3AI score0.24436EPSS
Exploits1References3
redhat
redhat
added 2020/12/16 12:11 p.m.179 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update

A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.8CVSS8AI score0.95586EPSS
Exploits12References39
openvas
openvas
added 2020/07/17 12:0 a.m.34 views

Debian: Security Advisory (DLA-2273-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.24436EPSS
Exploits1References3
nessus
nessus
added 2020/07/09 12:0 a.m.36 views

Debian DLA-2273-1 : shiro security update

It was discovered that there was two issues in shiro, a security framework for Java application : - CVE-2020-1957: Fix a path-traversal issue where a specially crafted request could cause an authentication bypass. - CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous...

9.8CVSS8.1AI score0.24436EPSS
Exploits1References4
debian
debian
added 2020/07/08 2:55 p.m.40 views

[SECURITY] [DLA 2273-1] shiro security update

Package : shiro Version : 1.3.2-1+deb9u1 CVE IDs : CVE-2020-1957 CVE-2020-11989 Debian Bug : 955018 It was discovered that there was two issues in shiro, a security framework for Java application: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...

9.8CVSS9.8AI score0.24436EPSS
Exploits1
osv
osv
added 2020/06/22 7:15 p.m.23 views

CVE-2020-11989

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS6.9AI score
Exploits0References7
nvd
nvd
added 2020/06/22 7:15 p.m.18 views

CVE-2020-11989

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS0.24436EPSS
Exploits1References7
ubuntucve
ubuntucve
added 2020/06/22 7:15 p.m.37 views

CVE-2020-11989

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS7.2AI score0.24436EPSS
Exploits1References4
cve
cve
added 2020/06/22 6:6 p.m.157 views

CVE-2020-11989

CVE-2020-11989 affects Apache Shiro prior to 1.5.3 when used with Spring dynamic controllers; a specially crafted request may bypass authentication. The vulnerability context is confirmed across multiple sources (NVD entry and Nessus/OpenVAS entries). Remediation can be upgrading to Apache Shiro ...

9.8CVSS9.3AI score0.24436EPSS
Exploits1References7Affected Software1
debiancve
debiancve
added 2020/06/22 6:6 p.m.30 views

CVE-2020-11989

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS9AI score0.24436EPSS
Exploits1
Rows per page
Query Builder