WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-3863 Vulnerability in maven package org.jsecurity:jsecurity

Description

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Remediation

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html

http://osvdb.org/69067

http://secunia.com/advisories/41989

http://www.securityfocus.com/archive/1/514616/100/0/threaded

http://www.securityfocus.com/bid/44616

http://www.vupen.com/english/advisories/2010/2888

https://exchange.xforce.ibmcloud.com/vulnerabilities/62959

Related Vulnerabilities

CVE-2018-19057 Vulnerability in npm package simplemde

CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript

CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12

CVE-2018-16490 Vulnerability in npm package mpath

CVE-2013-2071 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-22

Tags

Exploit Vendor Advisory