4 matches found
CVE-2026-23901
CVE-2026-23901 describes an observable timing discrepancy vulnerability in Apache Shiro affecting 1.* and 2.* before 2.0.7. The issue allows a local brute-force-style timing difference to reveal whether a username exists or a password is incorrect, enabling username enumeration. The most likely a...
Linux Distros Unpatched Vulnerability : CVE-2026-23903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to versio...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
DEBIAN-CVE-2023-22602
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...