Lucene search
+L

12 matches found

Tenable Nessus
Tenable Nessus
added 2022/06/01 12:0 a.m.30 views

Apache Shiro < 1.5.2 Authentication Bypass

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

9.8CVSS8.2AI score0.24163EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/05/07 3:53 p.m.5 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +2724 more potentially affected by CVE-2020-1957 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.5.1)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.0, =0.1, =0.1, =0.1, =0.2 and more Source cves: CVE-2020-1957 Source advisory: OSV:GHSA-26GR-CVQ3-QXGF...

9.8CVSS7.2AI score0.24163EPSS
Exploits1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS7.3AI score0.24163EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.41 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache Shiro vulnerabilities (USN-4740-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4740-1 advisory. It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication...

9.8CVSS8.3AI score0.24436EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2020/07/17 12:0 a.m.34 views

Debian: Security Advisory (DLA-2273-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.24436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.37 views

Debian DLA-2273-1 : shiro security update

It was discovered that there was two issues in shiro, a security framework for Java application : - CVE-2020-1957: Fix a path-traversal issue where a specially crafted request could cause an authentication bypass. - CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous...

9.8CVSS8.1AI score0.24436EPSS
Exploits1References4
Debian
Debian
added 2020/07/08 2:55 p.m.46 views

[SECURITY] [DLA 2273-1] shiro security update

Package : shiro Version : 1.3.2-1+deb9u1 CVE IDs : CVE-2020-1957 CVE-2020-11989 Debian Bug : 955018 It was discovered that there was two issues in shiro, a security framework for Java application: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...

9.8CVSS9.8AI score0.24436EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/04/20 12:0 a.m.79 views

Debian: Security Advisory (DLA-2181-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.24163EPSS
Exploits1References3
NVD
NVD
added 2020/03/25 4:15 p.m.19 views

CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS9.6AI score0.24163EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2020/03/25 4:15 p.m.47 views

CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS7.2AI score0.24163EPSS
Exploits1References6
CVE
CVE
added 2020/03/25 3:24 p.m.286 views

CVE-2020-1957

CVE-2020-1957 is an authentication bypass in Apache Shiro prior to 1.5.2 when used with Spring dynamic controllers; a specially crafted request can bypass authentication. Credible connected sources (NVD entry and Nessus/OSS advisories) confirm the issue and reference additional context, including...

9.8CVSS9.3AI score0.24163EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2020/03/25 3:24 p.m.34 views

CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS9AI score0.24163EPSS
Exploits1
Rows per page
Query Builder