漏洞描述
Apache Shiro是一款开源安全框架,提供身份验证、授权、密码学和会话管理。Shiro框架直观、易用,同时也能提供健壮的安全性。之前ApacheShiro身份验证绕过漏洞CVE-2020-11989的修复补丁存在缺陷,在1.5.3及其之前的版本,由于shiro在处理url时与spring仍然存在差异,依然存在身份校验绕过漏洞由于处理身份验证请求时出错,远程攻击者可以发送特制的HTTP请求,绕过身份验证过程并获得对应用程序的未授权访问。
Apache Shiro 认证绕过漏洞(CVE-2020-13933)
PoC代码
暂无相关漏洞推荐
-
default-apache-shiro: Apache Shiro Default Page POC
2025-09-01 | Apache Shiro Default Pageshodan-query: title:"Apache Shiro Quickstart" fofa: title="Apache Shiro Quickstart&qu... -
CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability POC
2025-08-01 | Apache ShiroApache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me"... -
Spring Security 和 Apache Shiro 认证绕过漏洞 无POC
2024-02-22 | Apache Shiro -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...