CVE-2022-40664 - Vulnerability Details - OpenCVE

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apache	Shiro

Configuration 1 [-]

cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/10/12/1
http://www.openwall.com/lists/oss-security/2022/10/12/2
http://www.openwall.com/lists/oss-security/2022/10/13/1
https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
https://nvd.nist.gov/vuln/detail/CVE-2022-40664
https://security.netapp.com/advisory/ntap-20221118-0005/
https://www.cve.org/CVERecord?id=CVE-2022-40664

History

Thu, 15 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-10-12T00:00:00.000Z

Updated: 2025-05-15T15:02:41.513Z

Reserved: 2022-09-13T00:00:00.000Z

Link: CVE-2022-40664

Vulnrichment

Updated: 2024-08-03T12:21:46.341Z

NVD

Status : Modified

Published: 2022-10-12T07:15:09.100

Modified: 2025-05-15T15:16:02.937

Link: CVE-2022-40664

Redhat

Severity : Important

Publid Date: 2022-10-12T00:00:00Z

Links: CVE-2022-40664 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40664", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2025-05-15T15:02:41.513Z", "dateReserved": "2022-09-13T00:00:00.000Z", "datePublished": "2022-10-12T00:00:00.000Z"}, "containers": {"cna": {"title": "Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-11-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Shiro", "versions": [{"version": "Apache Shiro", "status": "affected", "lessThan": "1.10.0", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg"}, {"name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"}, {"name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"}, {"name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/1"}, {"url": "https://security.netapp.com/advisory/ntap-20221118-0005/"}], "credits": [{"lang": "en", "value": "Apache Shiro would like to thank Y4tacker for reporting this issue"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-287 Improper Authentication", "cweId": "CWE-287"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:21:46.341Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"}, {"name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"}, {"name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/1"}, {"url": "https://security.netapp.com/advisory/ntap-20221118-0005/", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-15T15:02:13.459494Z", "id": "CVE-2022-40664", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T15:02:41.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/12/1", "name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/12/2", "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/13/1", "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221118-0005/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:21:46.341Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-40664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-15T15:02:13.459494Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T15:02:34.825Z"}}], "cna": {"title": "Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Apache Shiro would like to thank Y4tacker for reporting this issue"}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Shiro", "versions": [{"status": "affected", "version": "Apache Shiro", "lessThan": "1.10.0", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg"}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/12/1", "name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/12/2", "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/13/1", "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20221118-0005/"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-11-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-40664", "state": "PUBLISHED", "dateUpdated": "2025-05-15T15:02:41.513Z", "dateReserved": "2022-09-13T00:00:00.000Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-10-12T00:00:00.000Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D80A654-E0DF-4E5D-8EB7-819A50F76F26", "versionEndExcluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher."}, {"lang": "es", "value": "Apache Shiro versiones anteriores a 1.10.0, una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en Shiro cuando es reenviado o es incluida por medio de RequestDispatcher"}], "id": "CVE-2022-40664", "lastModified": "2025-05-15T15:16:02.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-10-12T07:15:09.100", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221118-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221118-0005/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "shiro: Authentication Bypass Vulnerability", "id": "2193469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193469"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-287", "details": ["Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.", "A flaw was found in Apache Shiro. An authentication bypass vulnerability occurs when forwarding or including via the RequestDispatcher."], "name": "CVE-2022-40664", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "shiro-core", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat Integration Camel Quarkus 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "shiro-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "shiro-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "shiro-core", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-10-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40664\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40664"], "threat_severity": "Important"}