Описание
Apache Shiro Authentication Bypass vulnerability
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-40664
- https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
- https://security.netapp.com/advisory/ntap-20221118-0005
- https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html
- http://www.openwall.com/lists/oss-security/2022/10/12/1
- http://www.openwall.com/lists/oss-security/2022/10/12/2
- http://www.openwall.com/lists/oss-security/2022/10/13/1
Пакеты
Наименование
org.apache.shiro:shiro-core
maven
Затронутые версииВерсия исправления
< 1.10.0
1.10.0
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 3 лет назад
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
CVSS3: 9.8
redhat
больше 3 лет назад
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
CVSS3: 9.8
nvd
больше 3 лет назад
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
CVSS3: 9.8
debian
больше 3 лет назад
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ...