Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
History

Wed, 14 Aug 2024 00:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-07T14:00:00

Updated: 2024-08-06T00:32:24.897Z

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4437

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2016-06-07T14:06:13.247

Modified: 2024-07-24T17:05:36.093

Link: CVE-2016-4437

cve-icon Redhat

Severity : Important

Publid Date: 2016-06-03T00:00:00Z

Links: CVE-2016-4437 - Bugzilla