CVE-2016-6802

CWE-284 — Improper Access Control CWE-287 — Improper Authentication10 documents8 sources

Severity

7.5HIGH

EPSS

13.5%

top 5.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Shiro

Timeline

PublishedSep 20

Latest updateDec 10

Description

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.apache.shiro:shiro-all< 1.3.2

▶Mavenorg.apache.shiro:shiro-web< 1.3.2

▶NVDapache/shiro1.3.1

▶Debianshiro< 1.3.2-1+2

🔴Vulnerability Details

GHSA

Improper Access Control in Apache Shiro↗2022-05-14

▶

OSV

Improper Access Control in Apache Shiro↗2022-05-14

▶

OSV

CVE-2016-6802: Apache Shiro before 1↗2016-09-20

▶

CVEList

CVE-2016-6802: Apache Shiro before 1↗2016-09-20

▶

📋Vendor Advisories

Ubuntu

Apache Shiro vulnerabilities↗2024-12-10

▶

Red Hat

Shiro: Security servlet filters bypass↗2016-09-13

▶

Debian

CVE-2016-6802: shiro - Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters an...↗2016

▶

💬Community

Bugzilla

CVE-2016-6802 Apache Shiro: Security servlet filters bypass [fedora-24]↗2016-09-14

▶

Bugzilla

CVE-2016-6802 Apache Shiro: Security servlet filters bypass↗2016-09-14

▶