Showing 1 - 1 of 1

CVE-2010-3863

Status Candidate

Overview

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Related Files

Apache Shiro Information Disclosure: Posted Nov 4, 2010; Authored by SpringSource Security Team; Apache Shiro version 1.0.0-incubating suffers from an information disclosure vulnerability. Shiro's path-based filter chain mechanism did not normalize request paths before performing path-matching logic. The result is that Shiro filter chain matching logic was susceptible to potential path traversal attacks.; tags | exploit, info disclosure; advisories | CVE-2010-3863; SHA-256 | edbfc654a617fb75fdde37febf48f3584026969f760f1650e56dd5ba41ffad08; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2010-3863

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems