#VU85349 Path traversal in Apache Shiro - CVE-2023-46749

Published: January 14, 2024


Vulnerability identifier: #VU85349
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-46749
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Apache Shiro (versions before 1.13.0; 2.0.0-alpha releases before 2.0.0-alpha-4)
Software vendor: Apache Software Foundation

Description

The vulnerability allows a remote attacker to bypass authentication by means of a path traversal attack against Shiro's filter chain matching.

The vulnerability exists because directory traversal sequences (".." and ".") in the request path are not normalized before the path is matched against the configured filter chain definitions. When the application also rewrites request paths (for example through a servlet, forward or URL-rewriting layer that resolves the traversal segments), a remote attacker can send a specially crafted HTTP request whose raw path matches a permissive chain (such as "anon") while the path that is actually served belongs to a protected chain (such as "authc"). The protected resource is then reached without authentication. The flaw is in request-path matching, not in file-system access: it does not by itself read files from disk, and exploitation requires a path-rewriting configuration in the affected deployment.
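The matching problem described above, as an added example that is not Apache Shiro source code: a toy Ant-style filter-chain resolver, first matching the raw request path (the vulnerable behaviour) and then matching a normalized path (the hardened behaviour). The chain table, the `reject` result for paths that climb above the context root, and the single pass of percent-decoding before normalization are assumptions made for illustration.

```python
"""Toy model of a first-match filter-chain resolver, vulnerable vs. hardened.

Constructed example, not Apache Shiro source. The chain table, the 'reject'
result and the one-pass percent-decoding are assumptions for illustration.
"""
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Chain definitions in evaluation order; the first matching pattern wins.
# Constructed table shaped like a typical [urls] section.
FILTER_CHAINS = [
    ("/admin/**", "authc"),   # protected area: caller must be authenticated
    ("/**", "anon"),          # everything else is public
]


def _split(path):
    """Split a path into non-empty segments."""
    return [seg for seg in path.split("/") if seg]


def _match(pat, segs):
    """Ant-style segment matcher: '**' spans zero or more segments,
    '*' and '?' match within a single segment."""
    if not pat:
        return not segs
    head, rest = pat[0], pat[1:]
    if head == "**":
        return any(_match(rest, segs[i:]) for i in range(len(segs) + 1))
    return bool(segs) and fnmatchcase(segs[0], head) and _match(rest, segs[1:])


def ant_match(pattern, path):
    return _match(_split(pattern), _split(path))


def normalize_path(raw):
    """Percent-decode once, then resolve '.' and '..' segments.
    Returns None when the path tries to climb above the context root."""
    stack = []
    for seg in unquote(raw).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                return None
            stack.pop()
        else:
            stack.append(seg)
    return "/" + "/".join(stack)


def _first_matching_chain(path):
    for pattern, chain in FILTER_CHAINS:
        if ant_match(pattern, path):
            return chain
    return None  # no chain matched: request would pass through unfiltered


def resolve_chain_vulnerable(request_path):
    """Matches the raw request path. Traversal segments hide the real target
    from the pattern, so '/public/../admin/users' lands on the 'anon' chain
    even though a path-rewriting layer will serve '/admin/users'."""
    return _first_matching_chain(request_path)


def resolve_chain_hardened(request_path):
    """Normalizes before matching, so the chain is chosen for the path the
    application will actually serve after rewriting."""
    path = normalize_path(request_path)
    if path is None:
        return "reject"  # assumed behaviour: refuse paths escaping the root
    return _first_matching_chain(path)


if __name__ == "__main__":
    for p in ["/admin/users", "/public/../admin/users", "/%2e%2e/admin/users"]:
        print(f"{p:26} vulnerable={resolve_chain_vulnerable(p)!s:6} "
              f"hardened={resolve_chain_hardened(p)}")
```

The bypass only works when something downstream of the chain resolver collapses the `..` segment; without that rewriting step the container would look up the literal path and find nothing, which is why the advisory ties exploitation to path rewriting.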


Remediation

Update to Apache Shiro 1.13.0 or later (2.0.0-alpha-4 or later on the 2.x line), available from the vendor's website. Until the update is applied, review any path-rewriting configuration in front of or inside the application, since the attack depends on it.

External links