Lucene search
K

4 matches found

CVE
CVE
added 2026/02/10 9:25 a.m.21 views

CVE-2026-23901

CVE-2026-23901 describes an observable timing discrepancy vulnerability in Apache Shiro affecting 1.* and 2.* before 2.0.7. The issue allows a local brute-force-style timing difference to reveal whether a username exists or a password is incorrect, enabling username enumeration. The most likely a...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to versio...

5.3CVSS7.2AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 10:15 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2023/01/14 10:15 a.m.2 views

DEBIAN-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.2AI score0.01553EPSS
Exploits0References1
Rows per page
Query Builder