Description

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Remediation

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html

http://www.securityfocus.com/bid/44616

http://secunia.com/advisories/41989

http://osvdb.org/69067

http://www.vupen.com/english/advisories/2010/2888

https://exchange.xforce.ibmcloud.com/vulnerabilities/62959

http://www.securityfocus.com/archive/1/514616/100/0/threaded

Related Vulnerabilities

CVE-2019-1003000 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-12409 Vulnerability in maven package org.apache.solr:solr-core

CVE-2023-40340 Vulnerability in maven package org.jenkins-ci.plugins:nodejs

CVE-2023-26149 Vulnerability in maven package org.webjars.npm:quill-mention

CVE-2022-43441 Vulnerability in npm package sqlite3

Severity

Critical

Classification

CWE-22

Tags

Exploit Vendor Advisory