CVE-2010-3863

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html	Exploit
http://osvdb.org/69067
http://secunia.com/advisories/41989	Vendor Advisory
http://www.securityfocus.com/archive/1/514616/100/0/threaded
http://www.securityfocus.com/bid/44616	Exploit
http://www.vupen.com/english/advisories/2010/2888
https://exchange.xforce.ibmcloud.com/vulnerabilities/62959

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:shiro::::::::
	cpe:2.3:a:jsecurity:jsecurity:0.9.0:::::::*

History

No history.

Information

Published : 2010-11-05 17:00

Updated : 2018-10-10 20:05

NVD link : CVE-2010-3863

Mitre link : CVE-2010-3863

CVE.ORG link : CVE-2010-3863

JSON object : View

Products Affected

jsecurity

jsecurity

apache

shiro

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2010-3863", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-11-05T17:00:02.577", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0020.html", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/69067", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41989", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/514616/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/44616", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2888", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62959", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI."}, {"lang": "es", "value": "Apache Shiro anterior a v1.1.0 y JSecurity v0.9.x, no canoniza rutas URI antes de compararlas como entradas en el archivo shiro.ini, lo cual permite a atacantes remotos evitar las restricciones de acceso mediante una solicitud manipulada, como lo demuestra la URI /./account/index.jsp"}], "lastModified": "2018-10-10T20:05:34.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E31AB0-3484-46E1-8C7A-5FAA92B21167", "versionEndIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:jsecurity:jsecurity:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9B625E5-8D60-4E40-B887-DDC8B21FB2F7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}