{"vulnerability": "CVE-2020-1752", "sightings": [{"uuid": "a24a0e53-2f61-40a7-9ee3-44b45a3abc09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17521", "type": "seen", "source": "https://gist.github.com/might-might/40e680f1f9ce10e8b91c6629d1f0fec9", "content": "", "creation_timestamp": "2025-12-13T20:32:11.000000Z"}, {"uuid": "5e15675c-49e5-4e23-aeed-ed8efed92c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17521", "type": "seen", "source": "https://gist.github.com/might-might/7893a493252338fe360077f6f10e55e2", "content": "", "creation_timestamp": "2025-12-13T20:32:46.000000Z"}, {"uuid": "b18c86b4-613b-4680-a57c-669f46081b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17522", "type": "seen", "source": "https://t.me/cibsecurity/22588", "content": "\u203c CVE-2020-17522 \u203c\n\nWhen ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T20:36:21.000000Z"}, {"uuid": "95e8e2e0-1e90-4874-b0e2-5a08f773db3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/15", "content": "CVE-2020-17523 Apache Shiro pathMatches \u8eab\u4efd\u8a8d\u8b49\u7e5e\u904e\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-17523_Apache_Shiro_pathMatches_%E8%BA%AB%E4%BB%BD%E8%AA%8D%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T06:42:55.000000Z"}, {"uuid": "78a3f2a4-95a4-4d90-be8f-fbe07c0100a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17525", "type": "seen", "source": "https://t.me/cibsecurity/25006", "content": "\u203c CVE-2020-17525 \u203c\n\nSubversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-17T13:30:45.000000Z"}, {"uuid": "435390ab-1a40-4118-990c-bdbf5d180ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17526", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/apache_airflow_cve_2020_17526", "content": "", "creation_timestamp": "2024-04-06T09:56:09.000000Z"}, {"uuid": "e412ae9b-2af1-4e32-bdb0-533d550a6dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/408", "content": "CVE-2020-17523 Apache Shiro authentication bypass analysis\n\n#InfoSec #CyberSecurity #Shiro #ApacheShiro #CVE-2020-17523 #Vulnerability\n#VulnerabilityAnalysis\n\nhttps://upurl.me/wj7w7", "creation_timestamp": "2021-02-05T17:20:22.000000Z"}, {"uuid": "959c5520-10f7-4c42-8d5b-f9304fef24f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17523", "type": "seen", "source": "https://t.me/reconshell/695", "content": "CVE-2020-17523\n\nApache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.\n\nhttps://cve.reconshell.com/cve/CVE-2020-17523", "creation_timestamp": "2021-04-25T08:04:48.000000Z"}, {"uuid": "2ee14a09-acf0-4aea-9fff-b8be69ca526c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17523", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2661", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 1-7)\nCVE-2020-1350 - Exploit SIGRed/Windows DNS Server RCE\nhttps://t.me/cybersecuritytechnologies/1422\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-7961 - Arbitrary code execution via JSONWS\nhttps://t.me/cybersecuritytechnologies/869\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2019-9041 - ZzzCMS RCE\nhttps://mobile.twitter.com/i/web/status/1357931580098899970\nCVE-2021-22122 - XSS vulnerability in FortiWeb\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-22122\nCVE-2019-5127 - A cmd injection in YouPHPTube Encoder\nhttps://mobile.twitter.com/i/web/status/1357546718821142528\nCVE-2020-17523 - Apache Shiro pathMatches Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/2650", "creation_timestamp": "2024-05-22T06:15:17.000000Z"}, {"uuid": "6094bc9d-1620-4d31-a2b9-d0c9224d18ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17521", "type": "seen", "source": "https://t.me/cibsecurity/17205", "content": "\u203c CVE-2020-17521 \u203c\n\nApache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-07T22:30:16.000000Z"}, {"uuid": "bea49b55-210f-4aac-a6a6-3143550b4c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17523", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2650", "content": "#exploit\nCVE-2020-17523:\nApache Shiro pathMatches Authentication Bypass\n\ncondition: Shiro with Spring\n\n/admin/[space] \n/admin/%20\n\nPoC:\ncurl -v http://[Vimtim]/admin/%20/\nhttps://github.com/jweny/shiro-cve-2020-17523", "creation_timestamp": "2022-01-09T19:07:40.000000Z"}, {"uuid": "37fae543-fa75-44f0-915f-5bb4af72bdee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18127", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:25:06.000000Z"}, {"uuid": "4b28f167-5207-4db6-b5ab-e3688efcb029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18107", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:22:45.000000Z"}, {"uuid": "b664feb7-e1b5-4795-b047-a511f907917b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17527", "type": "seen", "source": "https://t.me/cibsecurity/17125", "content": "\u203c CVE-2020-17527 \u203c\n\nWhile investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T22:26:23.000000Z"}, {"uuid": "46be64fa-e869-4e51-a792-8a681478588f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17527", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2327", "content": "#exploit\n1. CVE-2020-16842:\nCSRF protection bypass in iTop (ITSM & CMDB)\nhttps://sysdream.com/news/lab/2020-12-14-cve-2020-16842-csrf-protection-bypass-in-itop\n\n2. CVE-2020-17527:\nTomcat Information Leak\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=64830", "creation_timestamp": "2022-06-29T03:34:56.000000Z"}, {"uuid": "04cbacb3-5234-423e-8581-441fb792bde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17528", "type": "seen", "source": "https://t.me/cibsecurity/18027", "content": "\u203c CVE-2020-17528 \u203c\n\nOut-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:44:29.000000Z"}, {"uuid": "980e8fa0-73fc-4443-9848-b8c74f94ce45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18030", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:44:33.000000Z"}, {"uuid": "15ecf5b3-3cc0-4a0d-8aae-75a480c742ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17528", "type": "seen", "source": "https://t.me/cibsecurity/18008", "content": "\u203c CVE-2020-17528 \u203c\n\nOut-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:35:33.000000Z"}, {"uuid": "5f4c6f60-2e60-4c11-baad-97a37f2aee0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18011", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:35:36.000000Z"}, {"uuid": "c4042f05-13ae-41ed-8fe1-3f901ecbe5d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18049", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:02:19.000000Z"}, {"uuid": "ca3a4a40-9161-4480-a42b-02f4df52a164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17528", "type": "seen", "source": "https://t.me/cibsecurity/17988", "content": "\u203c CVE-2020-17528 \u203c\n\nOut-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:32:31.000000Z"}, {"uuid": "52b02494-9914-423e-ba5c-1aabdc9f8785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/17991", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:32:34.000000Z"}, {"uuid": "d062f2c9-de74-403e-a758-21327cab9fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18068", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:22:44.000000Z"}, {"uuid": "2e4a24ae-13ac-4b1c-84ee-e98b2aac12f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17529", "type": "seen", "source": "https://t.me/cibsecurity/18088", "content": "\u203c CVE-2020-17529 \u203c\n\nOut-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:25:09.000000Z"}]}