CVE-2023-46749
Path Traversal vulnerability in shiro-core (Maven)
What is CVE-2023-46749 About?
Apache Shiro versions before 1.13.0 or 2.0.0-alpha-4 are susceptible to a path traversal attack. This can lead to an authentication bypass when Shiro is used together with path rewriting. Exploitation complexity is moderate, requiring path rewriting and specific Shiro configurations.
Affected Software
- org.apache.shiro:shiro-core
  - <1.13.0
  - >2.0.0-alpha1, <2.0.0-alpha4
Technical Details
The vulnerability exists in Apache Shiro versions prior to 1.13.0 or 2.0.0-alpha-4. It is a path traversal flaw that specifically leads to an authentication bypass when combined with path rewriting. The issue typically arises when Shiro's URL matching logic, used for access control, incorrectly handles encoded or specially crafted path segments, especially in conjunction with URL rewriting mechanisms. This misinterpretation allows an attacker to bypass authentication checks by manipulating the URL path to access protected resources that would otherwise require authentication. The problem is exacerbated if the blockSemicolon setting is disabled, as semicolons can be used as path delimiters in some interpretations.
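The access-control mismatch described above comes down to one question: does the path Shiro matches its filter chains against equal the path the container will actually serve? The following added example (not Apache Shiro code, and not a reproduction of the CVE) canonicalizes request targets the way a defender reviewing access logs would, and flags the semicolon, encoded-separator, nested-encoding and dot-segment forms that a matcher must not misinterpret. The sample request targets are constructed for the demonstration.

```python
"""Flag request targets whose canonical form differs from the raw path."""
import posixpath
from urllib.parse import unquote

# Constructed sample request targets for a log review; not from the advisory.
SAMPLE_REQUESTS = [
    "/app/public/index.html",
    "/app/admin;jsessionid=ABC/users",
    "/app/public/..%2Fadmin/users",
    "/app/public/%252e%252e/admin",
    "/app/public/../admin/users",
]


def strip_matrix_params(path):
    """Drop ';param' suffixes from every segment, as a servlet container would."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def canonicalize(path):
    """Percent-decode (bounded, to cover nested encoding), drop matrix params,
    unify separators and collapse dot segments into the path that gets served."""
    decoded = path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = strip_matrix_params(decoded).replace("\\", "/")
    return posixpath.normpath(decoded)


def findings_for(path):
    """Return the reasons a raw request target deserves a second look."""
    reasons = []
    lowered = path.lower()
    if ";" in path:
        reasons.append("semicolon")
    if "%2f" in lowered or "%5c" in lowered:
        reasons.append("encoded-separator")
    if "%" in unquote(path):
        reasons.append("nested-encoding")
    decoded = unquote(unquote(path)).replace("\\", "/")
    if any(seg in ("..", ".") for seg in decoded.split("/")):
        reasons.append("dot-segment")
    return reasons


def scan(requests):
    """Map each flagged target to (canonical path, reasons); clean ones are dropped."""
    return {p: (canonicalize(p), findings_for(p)) for p in requests if findings_for(p)}
```

Run `scan(SAMPLE_REQUESTS)` to see that every flagged target canonicalizes to a path under `/app/admin` while the raw string starts under `/app/public`, which is exactly the discrepancy an access-control matcher must resolve before deciding.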
What is the Impact of CVE-2023-46749?
Successful exploitation may allow attackers to bypass authentication and gain unauthorized access to protected resources or functionalities within the application.
What is the Exploitability of CVE-2023-46749?
Exploitation is of moderate complexity, requiring knowledge of Apache Shiro's internal workings and of how path rewriting is configured. No authentication is required for the attacker to initiate the bypass attempt. The attack is remote, leveraging crafted URLs. No special privileges are needed. A key condition for exploitation is the server's use of path rewriting and, potentially, the blockSemicolon setting being disabled (it is enabled by default). The primary risk factor is allowing external input to influence URL path handling without sufficient validation, leading to security control bypasses.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| shoucheng3 | Link | PoC for CVE-2023-46749 |
What are the Available Fixes for CVE-2023-46749?
Available Upgrade Options
- org.apache.shiro:shiro-core
  - <1.13.0 → Upgrade to 1.13.0
- org.apache.shiro:shiro-core
  - >2.0.0-alpha1, <2.0.0-alpha4 → Upgrade to 2.0.0-alpha4
Additional Resources
What are Similar Vulnerabilities to CVE-2023-46749?
Similar Vulnerabilities: CVE-2024-1483, CVE-2024-1560, CVE-2023-6831, CVE-2022-4303, CVE-2022-45868
