Description

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password and session management.

Apache Shiro before 1.7.1 (when used with Spring), is vulnerable to an authentication bypass vulnerability that allows an attacker to bypass authentication using a specially crafted HTTP request .

Remediation

Uprade to the latest version of Apache Shiro.

References

Apache Shiro Vulnerability Reports

CVE-2020-17523 Apache Shiro authentication bypass analysis

Related Vulnerabilities

Method Tampering

WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1)

WordPress Plugin miniOrange Discord Integration Security Bypass (2.1.5)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

WordPress Plugin WP Print Friendly Security Bypass (0.5.2)

Severity

High

Classification

CVE-2020-17523 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass