List:       oss-security
Subject:    [oss-security] CVE-2022-32532: Apache Shiro: Authentication Bypass Vulnerability
From:       Brian Demers <bdemers () apache ! org>
Date:       2022-06-28 19:32:01
Message-ID: CAH9eYVqfx9RvVpg34arMu4unNkmzwAbtL2umS+41atCZAVyctw () mail ! gmail ! com

Description:

In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured
to be bypassed on some servlet containers. Applications using
RegExPatternMatcher with `.` in the regular expression are possibly
vulnerable to an authorization bypass.

Credit:

Apache Shiro would like to thank 4ra1n for reporting this issue.
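
Added example, not part of the original advisory or of the Shiro project's code: a triage helper that flags a deployment matching the advisory's conditions (Shiro before 1.9.1, regular-expression path patterns that use `.` as a wildcard). The function names and sample patterns are constructed for illustration, and the patterns are assumed to have been collected by hand from the application's filter configuration.

```python
import re

FIXED = (1, 9, 1)  # advisory: Apache Shiro before 1.9.1 is affected

def parse_version(text):
    """'1.9.0' or '1.9.0-SNAPSHOT' -> (1, 9, 0); missing parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def has_wildcard_dot(pattern):
    """True if '.' occurs as a regex metacharacter: not backslash-escaped,
    not inside a [...] character class and not inside a \\Q...\\E quote."""
    i, depth, quoted = 0, 0, False
    while i < len(pattern):
        two = pattern[i:i + 2]
        if quoted:
            if two == "\\E":
                quoted = False
                i += 2
            else:
                i += 1
            continue
        if two == "\\Q":
            quoted = True
            i += 2
        elif pattern[i] == "\\":
            i += 2              # escaped character, e.g. \. is a literal dot
        else:
            ch = pattern[i]
            if ch == "[":
                depth += 1      # Java character classes can nest: [a-z&&[^.]]
            elif ch == "]" and depth:
                depth -= 1
            elif ch == "." and depth == 0:
                return True
            i += 1
    return False

def audit(shiro_version, patterns):
    """Return the patterns to review; empty when the version is not affected."""
    if parse_version(shiro_version) >= FIXED:
        return []
    return [p for p in patterns if has_wildcard_dot(p)]

# Constructed sample patterns, not taken from the advisory.
SAMPLE = ["/permit/.*", r"/api/v1\.0/users", "/files/[.]conf",
          r"/doc/\Q1.0\E/.+", "/static/[a-z]+"]

if __name__ == "__main__":
    for p in audit("1.9.0", SAMPLE):
        print("review:", p)
```

A flagged pattern is a candidate for review, not proof of exposure; upgrading to 1.9.1 or later is the remedy the advisory's version boundary implies.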

