Path Traversal in Apache Shiro

CVE-2010-3863

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstr…

Vulnerability class: Path Traversal (Directory Traversal)
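To make the mechanism in the description concrete, the following Python model of the flaw class is added here; it is illustration written for this page, not code from Apache Shiro or from the advisory. The rule list only imitates the shape of a shiro.ini [urls] section, ant_match is a deliberately minimal stand-in for Ant-style pattern matching, canonicalize assumes the servlet container percent-decodes exactly once, and every request in PROBES is constructed for the demonstration. The point it shows: the container canonicalizes the path it dispatches to, so if the access-control filter compares the raw request string against its rules, any equivalent spelling of a protected path (a redundant ./ segment, a .. round trip out of an open area, a doubled slash, a percent-encoded character) misses the protective rule and falls through to the catch-all while the protected resource is still served. Canonicalizing before the comparison, as in hardened_filter, closes that gap.

```python
import posixpath
from urllib.parse import unquote

# Constructed rule list in the spirit of a shiro.ini [urls] section (not a
# real Shiro configuration): rules are checked in order, first match wins.
# "authc" requires an authenticated session; "anon" is open to everyone.
RULES = [
    ("/account/**", "authc"),
    ("/admin/**", "authc"),
    ("/**", "anon"),
]


def ant_match(pattern: str, path: str) -> bool:
    """Deliberately minimal stand-in for Ant-style matching: a trailing
    '/**' matches the directory itself and everything beneath it; any other
    pattern must match the path exactly."""
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path


def lookup_rule(path: str) -> str:
    """Filter name of the first rule whose pattern matches `path`.
    If nothing matches, fail closed and require authentication."""
    for pattern, filter_name in RULES:
        if ant_match(pattern, path):
            return filter_name
    return "authc"


def canonicalize(request_path: str) -> str:
    """Reduce every spelling of a path to one form before comparing it
    against rules: percent-decode once (assumption: the container decodes
    exactly once too), resolve '.' and '..' segments, collapse repeated
    slashes, and pin the result under the web root."""
    decoded = unquote(request_path)
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    normalized = posixpath.normpath(decoded)  # drops '.', resolves '..'
    # normpath keeps exactly two leading slashes (POSIX quirk); force one.
    return "/" + normalized.lstrip("/")


def vulnerable_filter(request_path: str) -> str:
    """The flaw class behind CVE-2010-3863: the URI is matched exactly as the
    client sent it, so '/./admin/users' does not match '/admin/**' and falls
    through to the catch-all '/**' -> anon."""
    return lookup_rule(request_path)


def hardened_filter(request_path: str) -> str:
    """Canonicalize first, then match: every spelling of a protected
    resource now reaches the same rule."""
    return lookup_rule(canonicalize(request_path))


def served_resource(request_path: str) -> str:
    """Model of what the servlet container dispatches to. Containers
    canonicalize on their own, which is exactly why a raw-string filter
    and the served resource can disagree."""
    return canonicalize(request_path)


def bypass_cases(request_paths):
    """Requests the raw-string filter waves through anonymously even though
    the resource actually served is covered by an 'authc' rule."""
    return [
        p for p in request_paths
        if vulnerable_filter(p) == "anon"
        and lookup_rule(served_resource(p)) == "authc"
    ]


# Constructed probe requests for the demonstration (none come from the advisory).
PROBES = [
    "/admin/users",             # straight request: protected either way
    "/./admin/users",           # redundant current-directory segment
    "/public/../admin/users",   # climbs out of an open area via '..'
    "//admin/users",            # doubled leading slash
    "/%61dmin/users",           # percent-encoded 'a'
    "/public/index.html",       # genuinely anonymous resource
]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p:26} raw={vulnerable_filter(p):5} "
              f"canonical={hardened_filter(p):5} serves={served_resource(p)}")
    print("bypasses with raw matching:", bypass_cases(PROBES))
```

Running the block lists four of the six probes as bypasses under raw matching and none under canonical matching. The practical check for any path-based authorization layer follows from this: whatever normalization the thing that finally serves the resource applies (the container, the file system, a reverse proxy), the access-control comparison must apply the same normalization first, or the two will disagree on exactly the inputs an attacker controls.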

EPSS: 0.123 (94.0th percentile)

Frequently asked questions

What is CVE-2010-3863?
CVE-2010-3863 is an access-control bypass in Apache Shiro before 1.1.0 and in JSecurity 0.9.x, classified as Path Traversal: request URIs were compared against the rules in shiro.ini without first being canonicalized, so an equivalent spelling of a protected path could slip past the intended restriction. Published 2010-11-05.
Is CVE-2010-3863 known to be exploited?
No confirmed in-the-wild exploitation is recorded here: the CVE is not currently listed in the CISA KEV catalog. Exploit code is, however, readily available: 12 public proof-of-concept repositories are indexed.