Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, allowed specifically crafted requests can be used to bypass some security servlet filters, resulting in unauthorized access.
922a5e1fd7a8d3e74cc2b4e09d237b3dd41e4acc621099a0adf20ff10239e9c8The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.
This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].
CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically crafted requests can be used to by pass some security servlet
filters, resulting in unauthorized access.
Release binaries (.jars) are also available through Maven Central and
source bundles through Apache distribution mirrors.
For more information on Shiro, please read the documentation[2].
-The Apache Shiro Team
[1] http://shiro.apache.org/download.html
[2] http://shiro.apache.org/documentation.html
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed