Known Vulnerabilities for Shiro by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Shiro" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41303 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentica... | 9.8 - CRITICAL | 2021-09-17 | 2023-11-07 |
| CVE-2020-17523 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication ... | 9.8 - CRITICAL | 2021-02-03 | 2023-11-07 |
| CVE-2020-17510 | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication ... | 9.8 - CRITICAL | 2020-11-05 | 2023-11-07 |
| CVE-2020-13933 | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | 7.5 - HIGH | 2020-08-17 | 2023-11-07 |
| CVE-2020-11989 | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an ... | 9.8 - CRITICAL | 2020-06-22 | 2023-11-07 |
| CVE-2020-1957 | Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an ... | 9.8 - CRITICAL | 2020-03-25 | 2023-11-07 |
| CVE-2019-12422 | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding atta... | 7.5 - HIGH | 2019-11-18 | 2023-11-07 |
| CVE-2016-6802 | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root... | 7.5 - HIGH | 2016-09-20 | 2018-10-09 |
| CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers t... | 8.1 - HIGH | 2016-06-07 | 2023-11-07 |
| CVE-2014-0074 | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass... | 7.5 - HIGH | 2014-10-06 | 2014-10-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Shiro | 1.7.1 | All | All | All |
| Application | Apache | Shiro | 1.7.0 | All | All | All |
| Application | Apache | Shiro | 1.6.0 | All | All | All |
| Application | Apache | Shiro | 1.5.3 | All | All | All |
| Application | Apache | Shiro | 1.5.2 | All | All | All |
| Application | Apache | Shiro | 1.5.1 | All | All | All |
| Application | Apache | Shiro | 1.5.0 | All | All | All |
| Application | Apache | Shiro | 1.4.2 | All | All | All |
| Application | Apache | Shiro | 1.4.1 | All | All | All |
| Application | Apache | Shiro | 1.4.0 | - | All | All |
| Application | Apache | Shiro | 1.4.0 | rc2 | All | All |
| Application | Apache | Shiro | 1.4.0 | rc1 | All | All |
| Application | Apache | Shiro | 1.3.2 | All | All | All |
| Application | Apache | Shiro | 1.3.1 | All | All | All |
| Application | Apache | Shiro | 1.3.0 | All | All | All |
| Application | Apache | Shiro | 1.2.6 | All | All | All |
| Application | Apache | Shiro | 1.2.5 | All | All | All |
| Application | Apache | Shiro | 1.2.4 | All | All | All |
| Application | Apache | Shiro | 1.2.3 | All | All | All |
| Application | Apache | Shiro | 1.2.2 | All | All | All |