Severity
Medium
Analysis Summary
CVE-2023-34478
Apache Shiro could allow a remote authenticated attacker to traverse directories on the system because it improperly validates user requests. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-34478
Affected Vendors
Apache
Affected Products
- Apache Shiro 1.11.0
- Apache Shiro 2.0.0-alpha-2
Remediation
Upgrade to the latest version of Apache Shiro, available from the Apache website.
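
Detection example (added here, not part of the Rewterz advisory or Apache's code): a log check that flags requests whose path contains a "dot dot" segment as described in the Analysis Summary, including percent-encoded forms. It assumes combined-format access logs; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap repeated percent-encoding


def decoded_path(target: str) -> str:
    """Return the path part of a request target, percent-decoded until stable."""
    path = target.split("?", 1)[0]          # ignore the query string
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.replace("\\", "/")          # treat backslashes as separators


def has_dot_dot_segment(target: str) -> bool:
    """True if any path segment is exactly '..' after decoding."""
    return any(seg == ".." for seg in decoded_path(target).split("/"))


def scan(lines):
    """Return (line_number, request_target) for each line with a '..' segment."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and has_dot_dot_segment(m.group("target")):
            hits.append((n, m.group("target")))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - alice [25/Jul/2023:10:00:01 +0000] "GET /app/reports/summary HTTP/1.1" 200 512',
    '192.0.2.11 - bob [25/Jul/2023:10:00:05 +0000] "GET /app/public/../admin/config HTTP/1.1" 200 2048',
    '192.0.2.11 - bob [25/Jul/2023:10:00:09 +0000] "GET /app/public/%2e%2e/admin/config HTTP/1.1" 200 2048',
    '192.0.2.12 - carol [25/Jul/2023:10:00:12 +0000] "GET /app/files/v1..2/notes.txt HTTP/1.1" 200 128',
    '192.0.2.11 - bob [25/Jul/2023:10:00:15 +0000] "GET /app/public/%252e%252e/admin/config HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, target in scan(SAMPLE_LOG):
        print(f"line {n}: dot-dot segment in {target}")
```

A hit only shows that a request carried a traversal segment; compare the response status and size against normal responses for that resource before treating it as a disclosure.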