CVE-2014-0074
published 2014-10-06
high 7.5 CVSS 3.1
AV:N/AC:L/Au:N/C:P/I:P/A:P
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | shiro | — | — |
| apache | shiro | — | — |
| apache | shiro | — | — |
| apache | shiro | — | — |
| apache | shiro | — | — |
| apache | shiro | >= 0 < 1.2.3-1 | 1.2.3-1 |
| apache | shiro | >= 0 < 1.2.3-1 | 1.2.3-1 |
| apache | shiro | >= 0 < 1.2.3-1 | 1.2.3-1 |
| debian | shiro | < shiro 1.2.3-1 (bookworm) | shiro 1.2.3-1 (bookworm) |
CVSS provenance
nvd 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
osv 7.5 HIGH