
CVE-2021-41303: Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass

CVSS Score (v3.1)
9.8

Basic Information

EPSS Score
0.9806%
Published
9/20/2021
Updated
1/27/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name
org.apache.shiro:shiro-core
Ecosystem
maven
Vulnerable Versions
< 1.8.0
First Patched Version
1.8.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from how Shiro's path matching interacts with Spring Boot's URL normalization. The PathMatchingFilterChainResolver.getChain method is the core component responsible for matching incoming requests to security filter chains. In vulnerable versions, this method did not account for Spring Boot's path handling behaviors, so a specially crafted request could be matched against a less restrictive chain and bypass authentication. The function is identified based on Shiro's security architecture and the known fix in version 1.8.0, which modified the path resolution logic in this class.
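Because the remediation on this page is purely a version bump (shiro-core below 1.8.0 is affected, 1.8.0 is the first patched release), the practical defender's check is a dependency inventory scan. The following Python script is an added example, not code from Miggo or the Shiro project: it parses Maven-style version strings (including pre-release qualifiers such as -RC1, which Maven orders before the unqualified release), compares them against the range in the table above, and flags matching coordinates. The sample dependency lines and the accepted coordinate layouts (`group:artifact:version` and the longer `group:artifact:type:version:scope` form) are assumptions constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Affected package and fix version, taken from the advisory table on this page.
AFFECTED_PACKAGE = "org.apache.shiro:shiro-core"
FIRST_PATCHED = "1.8.0"

# Numeric dotted prefix, optionally followed by a qualifier such as -RC1 or -SNAPSHOT.
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:[-.]([0-9A-Za-z]+(?:[-.][0-9A-Za-z]+)*))?$"
)


def parse_version(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Turn a Maven-style version into a sortable key.

    The key is (numeric parts, release rank, qualifier). A qualified version
    (1.8.0-RC1) is a pre-release and sorts *before* the plain release (1.8.0),
    so qualified versions get rank 0 and releases rank 1.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    qualifier = (match.group(2) or "").lower()
    return numbers, 0 if qualifier else 1, qualifier


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version a is below, equal to or above version b."""
    na, ra, qa = parse_version(a)
    nb, rb, qb = parse_version(b)
    # Pad the shorter numeric tuple with zeros so 1.8 and 1.8.0 compare equal.
    width = max(len(na), len(nb))
    na += (0,) * (width - len(na))
    nb += (0,) * (width - len(nb))
    key_a, key_b = (na, ra, qa), (nb, rb, qb)
    return (key_a > key_b) - (key_a < key_b)


def split_coordinate(coordinate: str) -> Tuple[str, str]:
    """Extract (group:artifact, version) from a Maven coordinate.

    Assumed layouts (constructed for this example): 'g:a:v', 'g:a:type:v'
    and 'g:a:type:v:scope'.
    """
    parts = coordinate.strip().split(":")
    if len(parts) == 3:
        version = parts[2]
    elif len(parts) in (4, 5):
        version = parts[3]
    else:
        raise ValueError(f"unrecognised coordinate: {coordinate!r}")
    return f"{parts[0]}:{parts[1]}", version


def is_vulnerable(coordinate: str) -> bool:
    """True if the coordinate is the affected package at a version below 1.8.0."""
    package, version = split_coordinate(coordinate)
    if package != AFFECTED_PACKAGE:
        return False
    return compare_versions(version, FIRST_PATCHED) < 0


def scan_dependencies(lines: List[str]) -> List[str]:
    """Return the coordinates from a dependency listing that fall in the affected range."""
    findings = []
    for line in lines:
        candidate = line.strip()
        if not candidate or candidate.startswith("#"):
            continue
        if is_vulnerable(candidate):
            findings.append(candidate)
    return findings


# Constructed sample dependency listing (not real build output).
SAMPLE_DEPENDENCIES = [
    "# dependencies resolved for the example build",
    "org.apache.shiro:shiro-core:jar:1.7.1:compile",
    "org.apache.shiro:shiro-web:jar:1.7.1:compile",
    "org.apache.shiro:shiro-spring-boot-web-starter:1.7.1",
    "org.springframework.boot:spring-boot-starter-web:2.5.4",
]

if __name__ == "__main__":
    for finding in scan_dependencies(SAMPLE_DEPENDENCIES):
        print(f"CVE-2021-41303: {finding} is below {FIRST_PATCHED}; upgrade to {FIRST_PATCHED} or later")
```

The scan deliberately flags only the coordinate listed in the advisory table; artifacts such as shiro-web or the Spring Boot starter are not matched even when they carry the same version, because this page states the affected range for shiro-core alone. Treat 1.8.0 pre-release qualifiers as affected: they sort below the fixed release under Maven ordering.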

WAF Protection Rules

WAF Rule

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
