=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN487
_____________________________________________________________________

DATE                : 17/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Shiro versions prior to
                                         1.8.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202109.mbox/%3cCAH9eYVr-F0T4X_vfz+czLeEd_FZBHa=r7=YzL7ZZFpz465NoAA@mail.gmail.com%3e
_____________________________________________________________________


CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with
Spring Boot, a specially crafted HTTP request may cause an
authentication bypass


Description:

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a
specially crafted HTTP request may cause an authentication bypass.

Users should update to Apache Shiro 1.8.0.

Credit:

Apache Shiro would like to thank tsug0d for reporting this issue.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================