CVE-2020-17510

CRITICAL

Apache Shiro < 1.7.0 - Authentication Bypass via Crafted HTTP Request

Title source: llm
STIX 2.1

Description

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

References (10)

Core 10
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html

Scores

CVSS v3 9.8
EPSS 0.0180
EPSS Percentile 83.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (3)
apache/shiro < 1.7.0
debian/debian_linux 9.0
org.apache.shiro/shiro-spring 0 - 1.7.0Maven
Published Nov 05, 2020
Tracked Since Feb 18, 2026