Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-3863 Vulnerability in maven package org.jsecurity:jsecurity

Description

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Remediation

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html

http://osvdb.org/69067

http://secunia.com/advisories/41989

http://www.securityfocus.com/archive/1/514616/100/0/threaded

http://www.securityfocus.com/bid/44616

http://www.vupen.com/english/advisories/2010/2888

https://exchange.xforce.ibmcloud.com/vulnerabilities/62959

Related Vulnerabilities

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-39353 Vulnerability in npm package @xmldom/xmldom

CVE-2023-37478 Vulnerability in npm package @pnpm/macos-x64

CVE-2022-42009 Vulnerability in maven package org.apache.ambari:ambari

CVE-2022-43404 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

Critical

Classification

CWE-22

Tags

Exploit Vendor Advisory