USN-7139-1: Apache Shiro vulnerability

It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

Apache Shiro Path Traversal Vulnerability

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation in the United States. A path traversal vulnerability exists in Apache Shiro versions prior to 1.130, prior to 2.0.0-alpha-4, which stems fr...

Apache Shiro < 1.4.2 Padding Attack

Apache Shiro before 1.4.2, when using the default 'remember me' configuration, cookies could be susceptible to a padding attack. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc. include'compat.inc'; if...

Apache Shiro < 1.8.0 Authentication Bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

USN-4740-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms...