Package "libshiro-java"
Name: |
libshiro-java
|
Description: |
Apache Shiro - Java Security Framework
|
Latest version: |
1.3.2-4ubuntu0.2 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Head package: |
shiro |
Homepage: |
http://shiro.apache.org |
Links
Download "libshiro-java"
Other versions of "libshiro-java" in Focal
Changelog
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: improper authentication issue when receiving specially
crafted HTTP request
- debian/patches/CVE-2020-13933.patch: new global filter added to block
invalid requests.
- debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
backslashes in invalid request filter.
- debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
rewriting by default.
- debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
testing.
- debian/patches/05-guice-improvements.patch: support for Guice 4 added
with patch also acting as an additional commit for the above patches.
- CVE-2020-13933
- CVE-2020-17510
-- Evan Caville <email address hidden> Tue, 08 Aug 2023 12:30:46 +1000
|
Source diff to previous version |
CVE-2020-13933 |
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. |
CVE-2020-17510 |
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. |
CVE-2020-1957 |
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. |
|
shiro (1.3.2-4ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Improper Authentication
- debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
where a specially-crafted request could cause an authentication bypass.
- CVE-2020-1957
- CVE-2020-11989
-- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Feb 2021 12:53:26 +0000
|
CVE-2020-1957 |
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. |
CVE-2020-11989 |
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. |
|
About
-
Send Feedback to @ubuntu_updates