漏洞描述
Apache Shiro是一款开源安全框架,提供身份验证、授权、密码学和会话管理。Shiro框架直观、易用,同时也能提供健壮的安全性。在Apache Shiro1.5.2以前的版本中,在使用Spring动态控制器时,攻击者通过构造..;这样的跳转,可以绕过Shiro中对目录的权限限制。
Apache Shiro 认证绕过漏洞(CVE-2020-1957)
PoC代码
暂无相关漏洞推荐
-
default-apache-shiro: Apache Shiro Default Page POC
2025-09-01 | Apache Shiro Default Pageshodan-query: title:"Apache Shiro Quickstart" fofa: title="Apache Shiro Quickstart&qu... -
CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability POC
2025-08-01 | Apache ShiroApache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me"... -
Apache Shiro 认证绕过漏洞(CVE-2020-13933) 无POC
2024-05-06 | Apache ShiroApache Shiro是一款开源安全框架,提供身份验证、授权、密码学和会话管理。Shiro框架直观、易用,同时也能提供健壮的安全性。之前ApacheShiro身份验证绕过漏洞CVE-2020-119... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...