Description
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
A flaw was found in Apache Shiro's RegexRequestMatcher, which can be misconfigured and bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are vulnerable to an authorization bypass.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | shiro-core | Affected | | |
| Red Hat Fuse 7 | shiro-core | Out of support scope | | |
| Red Hat Integration Camel K 1 | shiro-core | Affected | | |
| Red Hat Integration Camel Quarkus 1 | shiro-core | Affected | | |
| Red Hat JBoss A-MQ 6 | shiro-core | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | shiro-core | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | shiro-core | Not affected | | |
| Red Hat JBoss Fuse 6 | shiro-core | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | shiro-core | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | shiro-core | Affected | | |
Additional information
Status:
EPSS
CVSS3: 8.1 High