Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 15 of 15 results


CVE-2020-11989

Medium priority

Some fixes available 2 of 13

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Fixed Fixed Needs evaluation
Show less packages

CVE-2020-1957

Medium priority

Some fixes available 2 of 13

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Fixed Fixed Needs evaluation
Show less packages

CVE-2019-12422

Medium priority
Needs evaluation

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2016-6802

Medium priority
Vulnerable

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2016-4437

High priority
Vulnerable

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Not affected Not affected Not affected Not affected Vulnerable
Show less packages