CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*

Information

Published : 2016-06-07 07:06

Updated : 2018-10-09 13:00


NVD link : CVE-2016-4437

Mitre link : CVE-2016-4437


JSON object : View

CWE
CWE-284

Improper Access Control

Advertisement

dedicated server usa

Products Affected

apache

  • shiro