Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13933 | 1 Apache | 1 Shiro | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | |||||
| CVE-2019-12422 | 1 Apache | 1 Shiro | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | |||||
| CVE-2016-4437 | 1 Apache | 1 Shiro | 2018-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. | |||||
| CVE-2016-6802 | 1 Apache | 1 Shiro | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. | |||||