Apache Shiro ȨÏÞÈÆ¹ýÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2020-03-26

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-1957£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Apache Shiro < 1.5.2


Îó²î¸ÅÊö


Apache ShiroÊÇÒ»¸öJavaÇå¾²¿ò¼Ü£¬£¬£¬£¬£¬£¬£¬Ö´ÐÐÉí·ÝÑéÖ¤¡¢ÊÚȨ¡¢ÃÜÂë¡¢»á»°ÖÎÀí¡£¡£¡£¡£¡£ShiroÊÇApache µÄÒ»¸ö¿ªÔ´ÏîÄ¿£¬£¬£¬£¬£¬£¬£¬Ç°ÉíÊÇJSecurity ÏîÄ¿£¬£¬£¬£¬£¬£¬£¬Ê¼ÓÚ2003ÄêÍ·¡£¡£¡£¡£¡£Shiro ¿ÉÒÔΪÈκÎÓ¦ÓÃÌṩÇå¾²°ü¹Ü - ´ÓÏÂÁîÐÐÓ¦Óá¢Òƶ¯Ó¦Óõ½´óÐÍÍøÂç¼°ÆóÒµÓ¦Óᣡ£¡£¡£¡£

¿ËÈÕ£¬£¬£¬£¬£¬£¬£¬Shiro¹Ù·½Ðû²¼ÁËÒ»¸öÇå¾²¸üÐÂͨ¸æ£º Shiro < 1.5.2 °æ±¾±£´æÒ»´¦È¨ÏÞÈÆ¹ýÎó²î£¬£¬£¬£¬£¬£¬£¬µ±ÊÜÓ°Ïì°æ±¾µÄ Shiro¿ò¼ÜÁ¬Ïµ Spring dynamic controllers ʹÓÃʱ£¬£¬£¬£¬£¬£¬£¬Î´¾­ÊÚȨµÄÔ¶³Ì¹¥»÷Õß¿ÉÒÔͨ¹ýÈ«ÐĽṹµÄÇëÇó°ü¾ÙÐÐȨÏÞÈÆ¹ý£¬£¬£¬£¬£¬£¬£¬¿ÉÄÜÔì³É¼øÈ¨ÏµÍ³Ê§Ð§ÒÔ¼°ºǫ́¹¦Ð§Ì»Â¶¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPoC/EXP¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ¹Ù·½ÒÑÐû²¼Ð°汾£¬£¬£¬£¬£¬£¬£¬Çë¸üе½ Shiro 1.5.2¼°ÒÔÉϰ汾£¬£¬£¬£¬£¬£¬£¬Á´½Ó£ºhttp://shiro.apache.org/download.html¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://seclists.org/oss-sec/2020/q1/120