CVE-2020-17510 | Apache ShiroÉí·ÝÑéÖ¤Èƹý·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-11-03

0x00 ·ì϶¸ÅÊö

CNVD   ID

CVE-2020-17510

ʱ    ¼ä

2020-11-03

Àà    ÐÍ

Éí·ÝÑéÖ¤Èƹý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò

Apache Shiro <1.7.0

 

Apache ShiroÊÇÒ»¸ö׳´óÇÒÒ×ÓõÄJava°²È«¿ò¼Ü,ÆäÖ§³ÖÉí·ÝÑéÖ¤¡¢ÊÚȨ¡¢ÃÜÂëºÍ»á»°ÖÎÀíµÈ¡£Ê¹ÓÃShiroµÄAPI,Äܹ»¼±¾ç¡¢ÇáËɵػñµÃÈκÎÀûÓ÷¨Ê½¡£

 

0x01 ·ì϶ÏêÇé

 image.png


2020Äê10ÔÂ30ÈÕ£¬Apache Shiro°ä²¼1.7.0°æ±¾£¬½¨¸´ÁË Apache Shiro Éí·ÝÑéÖ¤Èƹý·ì϶ (CVE-2020-17510)¡£µ±Apache ShiroÓëSpring½áºÏʹÓÃʱ£¬¹¥»÷ÕßÄܹ»Ê¹ÓöñÒâHTTPÒªÇóÀ´ÈƹýShiroµÄÉí·ÝÈÏÖ¤¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»½Ó¼ûºó¶ÜÖ°ÄÜ£¬°²È«·çÏսϸß¡£

 

0x02 ´ëÖý¨Òé

½¨Òéʵʱ¸üÐÂÖÁ°²È«°æ±¾¡£

ÏÂÔصØÖ·£º

https://shiro.apache.org/download.html

 

0x03 ²Î¿¼Á´½Ó

https://www.mail-archive.com/user@shiro.apache.org/msg05870.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510

 

0x04 ¹¦·òÏß

2020-10-30  Apache Shiro°ä²¼¸üÐÂ

2020-11-03  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

 

 

 

image.png