Description
In Apache Shiro before 1.7.1, when Apache Shiro is used with Spring, a specially crafted HTTP request may cause an authentication bypass.
A flaw was found in Apache Shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability.
Statement
Although Red Hat OpenStack Platform's OpenDaylight includes the affected code, the vulnerable function is not used and therefore not exploitable. For this reason, the RHOSP impact is low and no update will be provided at this time for OpenDaylight.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | shiro-core | Will not fix | | |
| Red Hat JBoss A-MQ 6 | shiro-core | Out of support scope | | |
| Red Hat JBoss Fuse 6 | shiro-core | Out of support scope | | |
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Will not fix | | |
Additional information
Status:
9.8 Critical
CVSS3
Related vulnerabilities
In Apache Shiro before 1.7.1, when Apache Shiro is used with Spring, a specially crafted HTTP request may cause an authentication bypass.
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...
Vulnerability in the Apache Shiro framework related to authentication flaws, allowing an attacker to escalate their privileges
9.8 Critical
CVSS3