Описание
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality.
Меры по смягчению последствий
There is currently no known mitigation for this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Integration Camel K 1 | camel-shiro | Not affected | ||
| Red Hat JBoss Fuse 6 | shiro-core | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | shiro-core | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Not affected | ||
| Red Hat Fuse 7.8.0 | shiro-core | Fixed | RHSA-2020:5568 | 16.12.2020 |
| Red Hat Fuse/AMQ 6.3.18 | shiro-core | Fixed | RHSA-2021:0384 | 02.02.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...
Уязвимость фреймворка Apache Shiro, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти существующие ограничения безопасности
7.5 High
CVSS3