PT-2021-4217 · Apache+1 · Apache Shiro+1

Published

2021-09-16

Updated

2022-08-12

CVE-2021-41303

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 1.8.0

Description The issue is related to weaknesses in the authentication mechanism of Apache Shiro. A specially crafted HTTP request may cause an authentication bypass, allowing a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 1.8.0, update to Apache Shiro 1.8.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on Apache Shiro for authentication until the update can be applied.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2021-04821

CVE-2021-41303

GHSA-F6JP-J6W3-W9HM

Affected Products

Apache Shiro

Debian

PT-2021-4217 · Apache+1 · Apache Shiro+1

CVE-2021-41303

Weakness Enumeration

Related Identifiers

Affected Products

References · 18