Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/92947 | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/138709/Apache-Shiro-Filter-Bypass.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/539397/100/0/threaded |
Configurations
Information
Published : 2016-09-20 12:59
Updated : 2018-10-09 13:00
NVD link : CVE-2016-6802
Mitre link : CVE-2016-6802
JSON object : View
CWE
CWE-284
Improper Access Control
Products Affected
apache
- shiro