CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
Date published : 2016-09-20
http://www.securityfocus.com/bid/92947
http://www.securityfocus.com/archive/1/539397/100/0/threaded