
16 matches found

vulnersOsv
added 2026/05/25 11:19 p.m., 4 views

com.github.fangjinuo.agileway:agileway-shiro-redis (>=2.3.3 <=3.1.12), com.github.fangjinuo.agileway:agileway-shiro-redis-springdata2 (>=2.4.2 <=3.1.12) +27 more potentially affected by CVE-2026-43827 via org.apache.shiro:shiro-web (=3.0.0-alpha-1)

org.apache.shiro:shiro-web MAVEN version =3.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-web and may be impacted: - com.github.fangjinuo.agileway:agileway-shiro-redis =2.3.3, =2.4.2, =0.0.3, =0.0.3, =0.0.3, =0.0.3,...

CVSS 6.5, AI score 5.7, EPSS 0.00412
Exploits: 0
vulnersOsv
added 2026/05/25 11:19 p.m., 4 views

ca.ibodrov.concord:mcp-for-concord (>=0.0.1 <=0.0.2), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +182 more potentially affected by CVE-2026-43827 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =0.0.1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =8.0.0, =8.0.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-43827 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17116506...

CVSS 6.5, AI score 5.7, EPSS 0.00412
Exploits: 0
Snyk
added 2026/05/25 11:19 p.m., 7 views

Session Fixation

Overview: org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Session Fixation during the login operation in DefaultSecurityManager.ja...

CVSS 6.5, AI score 5.8, EPSS 0.00412
Exploits: 0, References: 2
vulnersOsv
added 2026/05/25 11:19 p.m., 4 views

com.github.fangjinuo.agileway:agileway-shiro-redis (>=2.3.3 <=3.1.12), com.github.fangjinuo.agileway:agileway-shiro-redis-springdata2 (>=2.4.2 <=3.1.12) +27 more potentially affected by CVE-2026-43828 via org.apache.shiro:shiro-web (=3.0.0-alpha-1)

org.apache.shiro:shiro-web MAVEN version =3.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-web and may be impacted: - com.github.fangjinuo.agileway:agileway-shiro-redis =2.3.3, =2.4.2, =0.0.3, =0.0.3, =0.0.3, =0.0.3,...

CVSS 6.5, AI score 5.7, EPSS 0.00272
Exploits: 0
vulnersOsv
added 2026/05/25 11:19 p.m., 5 views

ca.ibodrov.concord:mcp-for-concord (>=0.0.1 <=0.0.2), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +182 more potentially affected by CVE-2026-43828 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =0.0.1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =8.0.0, =8.0.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-43828 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17116502...

CVSS 6.5, AI score 5.7, EPSS 0.00272
Exploits: 0
Snyk
added 2026/05/25 11:19 p.m., 7 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview: org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the form...

CVSS 6.5, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 2
vulnersOsv
added 2023/12/14 9:30 a.m., 7 views

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +273 more potentially affected by CVE-2023-46750 via org.apache.shiro:shiro-web (>=1.0.0-incubating <=1.12.0)

org.apache.shiro:shiro-web MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =2.2.0, =2.2.0, =2.2.0, =2.8.0, =2.8.0, =2.8.0, =2.8.0, =3.0.0, =2.8.0, =5.0, =5.0, =5.5.2 and more Source cves: CVE-2023-46750 Source advisory: OSV:GHSA-HHW5-C326-822H...

CVSS 6.1, AI score 6.7, EPSS 0.01496
Exploits: 0
vulnersOsv
added 2023/12/14 9:30 a.m., 4 views

cloud.opencode.base:opencode-base-token (=1.0.0), io.github.junxworks:junx-ep-auth (>=2.0.0 <=2.1.0) +11 more potentially affected by CVE-2023-46750 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.0.0-alpha-3)

org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-3 Source cves: CVE-2023-46750 Source advisory: OSV:GHSA-HHW5-C326-822H...

CVSS 6.1, AI score 6.7, EPSS 0.01496
Exploits: 0
vulnersOsv
added 2023/07/24 9:30 p.m., 4 views

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +257 more potentially affected by CVE-2023-34478 via org.apache.shiro:shiro-web (>=1.0.0-incubating <=1.11.0)

org.apache.shiro:shiro-web MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =2.2.0, =2.2.0, =2.2.0, =2.8.0, =2.8.0, =2.8.0, =2.8.0, =3.0.0, =2.8.0, =5.0, =5.0, =5.5 and more Source cves: CVE-2023-34478 Source advisory: OSV:GHSA-PMHC-2G4F-85CG...

CVSS 9.8, AI score 7.1, EPSS 0.01533
Exploits: 0
Gitee
added 2023/02/16 12:17 a.m., 7 views

Exploit for CVE-2020-13933

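CVE-2020-13933 test range. Shiro permission configuration: when a /res/ resource is requested, a 302 redirects to the login page for authentication - NameController.java: · /res/name: requests the resource named name (triggers authentication) · /res/: requests no resource (does not trigger authentication). Range verification: when no resource name is specified in the request route, authentication is not triggered and no resource is returned: http://127.0.0.1:8080/res/ When a resource name is specified in the request route, a 302 redirects to the authentication page: http://127.0.0.1:8080/res/poc Construct a specific PoC...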

CVSS 7.5, AI score 9.4, EPSS 0.48019
Exploits: 3
vulnersOsv
added 2022/10/12 12:0 p.m., 5 views

org.apache.camel:camel-shiro (=2.5.0), org.apache.shiro.samples:samples-aspectj (=1.0.0-incubating) +29 more potentially affected by CVE-2022-40664 via org.apache.shiro:shiro-core (=1.0.0-incubating)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-core and may be impacted: - org.apache.camel:camel-shiro =2.5.0 - org.apache.shiro.samples:samples-aspectj...

CVSS 9.8, AI score 7.2, EPSS 0.0221
Exploits: 0
vulnersOsv
added 2022/05/14 2:46 a.m., 6 views

br.com.caelum.vraptor:vraptor-shiro (>=4.0.0-RC2 <=4.0.0-beta-1), ca.ibodrov.concord:repository-browser-plugin (>=1.0.0 <=1.0.1) +814 more potentially affected by CVE-2016-6802 via org.apache.shiro:shiro-web (>=1.0.0-incubating <=1.3.1)

org.apache.shiro:shiro-web MAVEN version =1.0.0-incubating, =4.0.0-RC2, =1.0.0, =2.0.0, =0.0.2, =0.1, =0.1, =0.1, =2.1.0-RELEASE, =1.0, =1.0.3 - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE - cn.org.awcp:awcp-metadesigner-applicationImpl =1.0-RELEASE -...

CVSS 7.5, AI score 7, EPSS 0.0968
Exploits: 1
vulnersOsv
added 2022/02/09 10:3 p.m., 4 views

br.com.caelum.vraptor:vraptor-shiro (>=4.0.0-RC2 <=4.0.0-beta-1), br.eti.arthurgregorio:shiro-ee (>=1.0.0 <=1.5.1) +1728 more potentially affected by CVE-2020-17523 via org.apache.shiro:shiro-web (>=1.0.0-incubating <=1.7.0)

org.apache.shiro:shiro-web MAVEN version =1.0.0-incubating, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.0, =1.0.0, =0.1, =0.1, =0.1, =0.2 and more Source cves: CVE-2020-17523 Source advisory: OSV:GHSA-V98J-7CRC-WVRJ...

CVSS 9.8, AI score 7.2, EPSS 0.85911
Exploits: 2
Veracode
added 2020/08/18 3:2 a.m., 48 views

Authentication Bypass

shiro-web is vulnerable to authentication bypass. An ArrayIndexOutOfBoundsException in Base64decode causes an invalid session cookie to be parsed as valid...

CVSS 7.5, AI score 4.2, EPSS 0.48019
Exploits: 3, References: 33, Affected Software: 2
Veracode
added 2020/06/23 2:26 a.m., 31 views

Authentication Bypass

Apache Shiro-web is vulnerable to authentication bypass. Lack of proper handling of servletPath parameter in the request allows an attacker to inject malicious string via the request parameter and bypass authentication...

CVSS 9.8, AI score 3.7, EPSS 0.24436
Exploits: 1, References: 16, Affected Software: 1
Veracode
added 2019/12/02 7:59 a.m., 7 views

Information Disclosure

shiro-web is vulnerable to information disclosure. The vulnerability exists as a user can use requestURI + "/" to bypass the chain filter protection and access resources that are otherwise restricted...

AI score 1.3
Exploits: 0