QwikSec

Security Database

CVE

CWE

Training

CVE-2022-40664

Published: Oct 12, 2022

Modified: May 15, 2025

PUBLISHED

Description

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Vendor	Product	Versions
Apache Software Foundation	Apache Shiro	affected `Apache Shiro - < 1.10.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg

[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

mailing-list

[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

mailing-list

[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

mailing-list

https://security.netapp.com/advisory/ntap-20221118-0005/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.