DEBIAN-CVE-2014-0074

DEBIAN-CVE-2014-0074 PUBLISHED CVSS 8.5 HIGH

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	shiro	0, 0, 0
Debian:11	shiro	0, 0, 0
Debian:12	shiro	0, 0, 0

Timeline

Oct 6, 2014 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-0074 advisory

Open in Interactive Console →