Users of Apache Shiro, please be advised that an information disclosure vulnerability has been identified.
To view this vulnerability and others, along with possible remedies, see the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
CVE-2010-3863: Apache Shiro information disclosure vulnerability
Versions Affected:
Apache Shiro 1.0.0-incubating
The unsupported JSecurity 0.9.x versions are also affected
Description:
Shiro's path-based filter chain mechanism did not normalize request paths
before performing path-matching logic. The result is that Shiro filter
chain matching logic was susceptible to potential path traversal attacks.
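
To make the description concrete, the following added example (not Shiro's code and not part of the advisory) resolves a first-match filter chain with and without normalizing the request path first. The chain definitions, the minimal matcher, and the sample paths are constructed for illustration, and it assumes the container later resolves dot segments and repeated slashes to the same resource.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainNormalizationDemo {
    // Constructed chain definitions, first match wins (hypothetical, not a real Shiro config).
    static final Map<String, String> CHAINS = new LinkedHashMap<>();
    static {
        CHAINS.put("/admin/**", "authc"); // protected area
        CHAINS.put("/**", "anon");        // everything else is public
    }

    // Resolve "." and ".." segments and collapse repeated slashes.
    static String normalize(String path) {
        Deque<String> out = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { out.pollLast(); continue; }
            out.addLast(seg);
        }
        return "/" + String.join("/", out);
    }

    // Minimal matcher: supports only a trailing "/**" wildcard or an exact path.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Return the chain selected for a request path, optionally normalizing first.
    static String resolve(String path, boolean normalizeFirst) {
        String p = normalizeFirst ? normalize(path) : path;
        for (Map.Entry<String, String> e : CHAINS.entrySet()) {
            if (matches(e.getKey(), p)) return e.getValue();
        }
        return "none";
    }

    public static void main(String[] args) {
        // Constructed sample paths that all name the same resource once normalized.
        String[] samples = {"/admin/users", "/./admin/users", "/static/../admin/users", "//admin/users"};
        for (String s : samples) {
            System.out.printf("%-24s raw=%-5s normalized=%s%n", s, resolve(s, false), resolve(s, true));
        }
    }
}
```

Without normalization, only the first sample selects the `authc` chain; with normalization, all four do.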