Description
In Apache Shiro before 1.7.0, when Apache Shiro is used with Spring, a specially crafted HTTP request may cause an authentication bypass.
A flaw was found in Apache Shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Report
Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Integration Camel K 1 | camel-shiro | Not affected | | |
| Red Hat JBoss A-MQ 6 | shiro | Out of support scope | | |
| Red Hat JBoss Fuse 6 | shiro-core | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | shiro-core | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Will not fix | | |
| Red Hat Fuse 7.9 | shiro-core | Fixed | RHSA-2021:3140 | 11.08.2021 |
Additional information
Status:
EPSS
CVSS3: 9.8 Critical
Related vulnerabilities
Vulnerability in the Apache Shiro framework related to a missing authentication procedure, allowing an attacker to upload a specially crafted malicious file