|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-07-06 | |
| Rule Name: | Apache Shiro Authentication Bypass Vulnerability (CVE-2020-17523) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Apache Shiro is a Java security framework for performing certification, authorization, encryption, and session management of the Apache Foundation. The 1.7.1 version of Apache Shiro has vulnerabilities:the attacker can use the vulnerability to send an HTTP request to authentication bypass. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235@%3Cgitbox.activemq.apache.org%3E https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196@%3Cdev.shiro.apache.org%3E https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E |