July 25, 2023
Severity
Medium
Analysis Summary
CVE-2023-34478
Apache Shiro could allow a remote authenticated attacker to traverse directories on the system because of improper validation of user requests. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-34478
Affected Vendors
Apache
Affected Products
- Apache Shiro 1.11.0
- Apache Shiro 2.0.0-alpha-2
Remediation
Upgrade to the latest version of Apache Shiro, available from the Apache website.