Showing 1 - 2 of 2

CVE-2020-11989

Status Candidate

Overview

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Ubuntu Security Notice USN-4740-1: Posted Feb 19, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2020-11989; SHA-256 | b3b8bf514ec38521acd2be501b5bd64089f6ae87f9304453ee94171d077ac559; Download | Favorite | View

Red Hat Security Advisory 2020-5568-01: Posted Dec 16, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-5568-01 - This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, bypass, code execution, cross site scripting, denial of service, deserialization, file disclosure, information leakage, memory leak, out of bounds read, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.; tags | advisory, remote, denial of service, vulnerability, code execution, xss, sql injection, memory leak; systems | linux, redhat; advisories | CVE-2018-1000873, CVE-2019-0205, CVE-2019-0210, CVE-2019-10202, CVE-2019-10219, CVE-2019-11777, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-14900, CVE-2019-17566, CVE-2019-17638, CVE-2019-19343, CVE-2019-2692, CVE-2019-3773, CVE-2019-3774, CVE-2020-10683, CVE-2020-10740, CVE-2020-11612, CVE-2020-11971, CVE-2020-11972, CVE-2020-11973, CVE-2020-11980, CVE-2020-11989, CVE-2020-11994, CVE-2020-13692, CVE-2020-1393; SHA-256 | 4d8c51d0d7d15381aedd8f056934e518c8d3ae79ede9556857b44d07aaa1f17a; Download | Favorite | View

Page 1 of 1 Back 1 Next