CVE search results

11 – 15 of 15 results

Detailed view

Sort by:

CVE-2020-11989

Medium priority

Some fixes available 2 of 12

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected packages

shiro

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
shiro	Needs evaluation	Needs evaluation	Fixed	Fixed	Needs evaluation

CVE-2020-1957

Medium priority

Some fixes available 2 of 12

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected packages

shiro

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
shiro	Needs evaluation	Needs evaluation	Fixed	Fixed	Needs evaluation

CVE-2019-12422

Medium priority

Needs evaluation

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

1 affected packages

shiro

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
shiro	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2016-6802

Medium priority

Vulnerable

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

1 affected packages

shiro

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
shiro	Not affected	Not affected	Not affected	Not affected	Vulnerable

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

1 affected packages

shiro

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
shiro	Not affected	Not affected	Not affected	Not affected	Vulnerable

Export to JSON

Results by page:

Search CVE reports

CVE-2020-11989

CVE-2020-1957

CVE-2019-12422

CVE-2016-6802

CVE-2016-4437