Description
In Apache Shiro before 1.5.2, when Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
A flaw was found in Apache Shiro. When using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Report
Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | shiro-core | Not affected | | |
| Red Hat JBoss A-MQ 6 | shiro-core | Not affected | | |
| Red Hat JBoss Fuse 6 | shiro-core | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | shiro-core | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 9.8 Critical