CVE-2021-41303

Опубликовано: 17 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Ссылки

https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
Mailing List
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220609-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
Mailing List
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220609-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*

Версия до 1.8.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.53416

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-41303

CVSS3: 9.8

ubuntu

больше 4 лет назад

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

CVE-2021-41303

CVSS3: 9.8

redhat

больше 4 лет назад

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

CVE-2021-41303

CVSS3: 9.8

debian

больше 4 лет назад

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...

GHSA-f6jp-j6w3-w9hm

CVSS3: 9.8

github

больше 4 лет назад

Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass

BDU:2021-04821

CVSS3: 9.8

fstec

больше 4 лет назад

Уязвимость фреймворка Apache Shiro, связанная с недостатками механизма аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 98%

0.53416

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

NVD-CWE-noinfo