Vulnerabilities > Apache > Shiro

DATE CVE VULNERABILITY TITLE RISK
2020-06-22 CVE-2020-11989 Unspecified vulnerability in Apache Shiro
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache
critical
 9.8
9.8
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2019-11-18 CVE-2019-12422 Unspecified vulnerability in Apache Shiro
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
network
low complexity
apache
7.5
7.5
2016-09-20 CVE-2016-6802 Improper Access Control vulnerability in Apache Shiro 1.3.1
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
network
low complexity
apache CWE-284
7.5
7.5
2016-06-07 CVE-2016-4437 Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
network
low complexity
apache redhat
critical
 9.8
9.8