HTTP: Apache ShenYu Admin JWT Authentication Bypass

This signature detects attempts to exploit a known vulnerability in Apache ShenYu Admin. A successful attack can lead to security bypass.

Extended Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.

Affected Products

Apache ShenYu

References

CVE: CVE-2021-37580

Short Name
HTTP:APACHE:SHNYU-JWT-AUTH-BYPS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Admin Apache Authentication Bypass CVE-2021-37580 JWT ShenYu
Release Date
12/27/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3693
False Positive
Unknown
Vendors

Apache

CVSS Score

7.5
