CVE-2020-13933

HIGH

Apache Shiro < 1.6.0 - Authentication Bypass via Specially Crafted HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-13933: PoCs published by EXP-Docs, JAckLosingHeart, 0xkami and lyy289065406.

AI-analyzed exploit summary: The tracked repositories all exercise the same weakness in Apache Shiro before 1.6.0. Shiro and Spring normalize the request path differently, so a semicolon placed in the URL path (URL-encoded as %3b in the published PoCs) causes Shiro's filter chain to skip the authentication check while Spring still routes the request to the protected handler.

Description

In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.

Exploits (4)

nomisec WORKING POC 14 stars
by EXP-Docs · poc
https://github.com/EXP-Docs/CVE-2020-13933

This repository contains a proof-of-concept for CVE-2020-13933, an authentication bypass vulnerability in Apache Shiro versions before 1.6.0. The exploit leverages a discrepancy in path normalization between Shiro and Spring, allowing attackers to bypass authentication by using a semicolon in the URL path.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache Shiro < 1.6.0
No auth needed
Prerequisites: Target application using Apache Shiro < 1.6.0 · Access to a protected endpoint
devstral-2 · analyzed Feb 16, 2026
github WORKING POC 5 stars
by JAckLosingHeart · java · poc
https://github.com/JAckLosingHeart/CVE-PoC-Collection/tree/main/shiro-CVE-2020-13933

This repository contains a functional proof-of-concept for CVE-2020-13933, an authentication bypass vulnerability in Apache Shiro. The code demonstrates a flaw in Shiro's URL path matching that allows unauthorized access to protected endpoints.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache Shiro < 1.6.0
No auth needed
Prerequisites: Apache Shiro < 1.6.0 protecting a path pattern in its filter chain
devstral-2 · analyzed Feb 27, 2026
nomisec WRITEUP 2 stars
by 0xkami · poc
https://github.com/0xkami/cve-2020-13933

This repository contains a writeup for CVE-2020-13933, an Apache Shiro authentication bypass vulnerability. It references a blog post for environment setup and exploitation steps but does not include actual exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: Apache Shiro (version not specified)
No auth needed
Prerequisites: Apache Shiro environment setup · Burp Suite or similar for packet capture
devstral-2 · analyzed Feb 16, 2026
inthewild WORKING POC
by lyy289065406 · poc
https://github.com/lyy289065406/cve-2020-13933

This repository contains a functional proof-of-concept for CVE-2020-13933, an authentication bypass vulnerability in Apache Shiro versions before 1.6.0. The exploit leverages URL-encoded semicolons to bypass authentication checks in Shiro's path normalization logic.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache Shiro < 1.6.0
No auth needed
Prerequisites: Apache Shiro version < 1.6.0 · Spring Framework environment
devstral-2 · analyzed Feb 23, 2026
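The path-normalization discrepancy that the exploit summary and the exploit descriptions above refer to, as an added example; this is not code from Shiro, Spring or any of the listed PoC repositories. It models the two pipelines in Python and runs them over constructed sample requests: the filter chain definitions, the handler templates and the request paths are made up for the example, and the Ant-style matcher is a simplified model rather than Shiro's AntPathMatcher.

```python
"""
Model of the path-normalization discrepancy behind CVE-2020-13933.

Added example, not Shiro or Spring code. Two pipelines see the same raw
request path:

  * a Shiro-style (pre-1.6.0) filter chain resolver that works on the decoded
    path, truncates it at the first ';' (the path-parameter separator) and
    matches the remainder against Ant-style chain patterns such as "/admin/*";
  * a Spring MVC-style handler lookup that strips ';...' only where it appears
    literally in the raw URI and percent-decodes afterwards, so an encoded
    "%3b" survives into the lookup path and the full segment is matched
    against a handler template such as "/admin/{name}".
"""
from urllib.parse import unquote

# Constructed filter chain definitions, first match wins (the same shape as a
# [urls] section in shiro.ini).
FILTER_CHAINS = [
    ("/login", "anon"),
    ("/admin/*", "authc"),
]

# Constructed Spring-style handler templates.
HANDLERS = [
    "/login",
    "/admin/{name}",
]


def _segments(path):
    # Tokenise like an Ant matcher: empty tokens are dropped, so "/admin/"
    # becomes ["admin"] and a trailing slash carries no segment.
    return [s for s in path.split("/") if s]


def ant_match(pattern, path):
    """Simplified Ant-style matching (a model, not Shiro's AntPathMatcher):
    a trailing '**' matches any remaining segments, '*' matches exactly one
    segment, and anything else must match literally."""
    pat, segs = _segments(pattern), _segments(path)
    i = 0
    while i < len(pat) and i < len(segs):
        if pat[i] == "**":
            return True
        if pat[i] != "*" and pat[i] != segs[i]:
            return False
        i += 1
    if i < len(pat):
        # Path exhausted: only a remaining '**' can still match.
        return pat[i:] == ["**"]
    return i == len(segs)


def shiro_filter_for(raw_path):
    """Shiro-style chain resolution: decode, cut at the first ';', then match
    the remainder against the chain definitions. Returns (path, filter)."""
    decoded = unquote(raw_path)
    truncated = decoded.split(";", 1)[0]
    for pattern, filter_name in FILTER_CHAINS:
        if ant_match(pattern, truncated):
            return truncated, filter_name
    return truncated, None  # no chain matched: nothing is filtered


def spring_handler_for(raw_path):
    """Spring-style lookup: strip ';...' from each segment of the raw URI,
    decode afterwards, then match handler templates. Returns (path, template)."""
    cleaned = "/".join(seg.split(";", 1)[0] for seg in raw_path.split("/"))
    lookup = unquote(cleaned)
    segs = _segments(lookup)
    for template in HANDLERS:
        tsegs = _segments(template)
        if len(tsegs) != len(segs):
            continue
        if all((t.startswith("{") and t.endswith("}")) or t == s
               for t, s in zip(tsegs, segs)):
            return lookup, template
    return lookup, None


def analyze(raw_path):
    """Run both pipelines and flag a request that reaches a handler without
    any filter chain having matched on the Shiro side."""
    shiro_path, filter_name = shiro_filter_for(raw_path)
    spring_path, handler = spring_handler_for(raw_path)
    return {
        "raw": raw_path,
        "shiro_path": shiro_path,
        "filter": filter_name,
        "spring_path": spring_path,
        "handler": handler,
        "bypass": handler is not None and filter_name is None,
    }


if __name__ == "__main__":
    # Constructed sample requests: a normal request, the encoded-semicolon
    # probe the PoCs use, a literal semicolon for comparison, and a public path.
    for raw in ("/admin/page", "/admin/%3bpage", "/admin/;page", "/login"):
        print(analyze(raw))
```

The literal-semicolon case is included because it shows why the PoCs encode the character: with a raw `;` both sides drop the tail and Spring finds no handler, whereas with `%3b` Shiro matches no chain and Spring still routes the request. A black-box check against a real deployment is the same comparison, a protected path requested plainly and again with `%3b` inserted at the start of a segment; Shiro 1.6.0 added an InvalidRequestFilter that rejects request paths containing a semicolon, which is why the encoded probe stops working on patched versions.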

References (16)

Mailing List, Third Party Advisory (x_refsource_mlist):
https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html

Scores

CVSS v3 7.5
EPSS 0.8093
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (3)
apache/shiro < 1.6.0
debian/debian_linux 9.0
org.apache.shiro/shiro-core < 1.6.0 (Maven)
Published Aug 17, 2020
Tracked Since Feb 18, 2026