https://bugzilla.redhat.com/show_bug.cgi?id=1869860
Bug ID: 1869860 Summary: CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: aileenc@redhat.com, ataylor@redhat.com, chazlett@redhat.com, dbecker@redhat.com, drieden@redhat.com, extras-orphan@fedoraproject.org, ganandan@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gvarsami@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jjoyce@redhat.com, jochrist@redhat.com, jschluet@redhat.com, jwon@redhat.com, kbasil@redhat.com, kconner@redhat.com, ldimaggi@redhat.com, lhh@redhat.com, lpeer@redhat.com, mburns@redhat.com, mkolesni@redhat.com, nwallace@redhat.com, puntogil@libero.it, rwagner@redhat.com, sclewis@redhat.com, scohen@redhat.com, slinaber@redhat.com, tcunning@redhat.com, tkirby@redhat.com Target Milestone: --- Classification: Other
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
Reference: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f00410...