CVE-2014-0074

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-0074

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-0074.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2014-0074

Published

2014-10-06T14:55:08Z

Modified

2024-11-21T02:01:18Z

Summary

[none]

Details

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

References

Affected packages

Debian:11 / shiro

Package

Name: shiro
Purl: pkg:deb/debian/shiro?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / shiro

Package

Name: shiro
Purl: pkg:deb/debian/shiro?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / shiro

Package

Name: shiro
Purl: pkg:deb/debian/shiro?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}