Search CVE reports

Toggle filters

11 – 15 of 15 results

CVE-2020-11989

Medium priority

Some fixes available 2 of 10

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected package

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Fixed Fixed Needs evaluation
Show less packages

CVE-2020-1957

Medium priority

Some fixes available 2 of 10

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected package

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Fixed Fixed Needs evaluation
Show less packages

CVE-2019-12422

Medium priority
Ignored

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

1 affected package

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Ignored Ignored Ignored Ignored Ignored
Show less packages

CVE-2016-6802

Medium priority

Some fixes available 1 of 4

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

1 affected package

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-4437

High priority

Some fixes available 1 of 5

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

1 affected package

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Not affected Not affected Fixed
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON