List: oss-security
Subject: [oss-security] CVE-2022-32532: Apache Shiro: Authentication Bypass Vulnerability
From: Brian Demers <bdemers () apache ! org>
Date: 2022-06-28 19:32:01
Message-ID: CAH9eYVqfx9RvVpg34arMu4unNkmzwAbtL2umS+41atCZAVyctw () mail ! gmail ! com
Description:
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured
to be bypassed on some servlet containers. Applications using
RegExPatternMatcher with `.` in the regular expression are possibly
vulnerable to an authorization bypass.
Credit:
Apache Shiro would like to thank 4ra1n for reporting this issue.