CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
First published: Fri Sep 17 2021(Updated: )
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Shiro | <1.8.0 | |
| Oracle Financial Services Crime And Compliance Management Studio | =8.0.8.2.0 | |
| Oracle Financial Services Crime And Compliance Management Studio | =8.0.8.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E
- https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
- https://security.netapp.com/advisory/ntap-20220609-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E
Frequently Asked Questions
What is the CVE ID of this vulnerability?
CVE-2021-41303
What is the severity of CVE-2021-41303?
The severity of CVE-2021-41303 is critical with a severity value of 9.8.
How does this vulnerability affect Apache Shiro?
This vulnerability affects Apache Shiro versions before 1.8.0 when used with Spring Boot.
How can I fix CVE-2021-41303?
Users should update to Apache Shiro 1.8.0 to fix this vulnerability.
Where can I find more information about CVE-2021-41303?
More information about CVE-2021-41303 can be found in the following references: [reference links]
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/apache
- canonical/apache shiro
- vendor/oracle
- canonical/oracle financial services crime and compliance management studio
- version/oracle financial services crime and compliance management studio/8.0.8.2.0
- version/oracle financial services crime and compliance management studio/8.0.8.3.0