High severity 7.5 · NVD Advisory · Published Sep 20, 2016 · Updated Jun 17, 2026
CVE-2016-6802
Description
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.shiro:shiro-all (Maven) | < 1.3.2 | 1.3.2 |
| org.apache.shiro:shiro-web (Maven) | < 1.3.2 | 1.3.2 |
Affected products
- ghsa-coords (2 versions): < 1.3.2 (+ 1 more)
- (no CPE) range: < 1.3.2
- (no CPE) range: < 1.3.2
References
- packetstormsecurity.com/files/138709/Apache-Shiro-Filter-Bypass.html (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/92947 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-4q2v-j639-cp7p (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-6802 (ghsa: ADVISORY)
- github.com/apache/shiro/commit/b15ab927709ca18ea4a02538be01919a19ab65af (ghsa: WEB)
- issues.apache.org/jira/browse/SHIRO-584 (ghsa: WEB)
- packetstormsecurity.com/files/138709/Apache-Shiro-Filter-Bypass.html (ghsa: WEB)
- www.securityfocus.com/archive/1/539397/100/0/threaded (nvd)