Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-06-07T14:00:00
Updated: 2024-08-06T00:32:24.897Z
Reserved: 2016-05-02T00:00:00
Link: CVE-2016-4437
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-06-07T14:06:13.247
Modified: 2024-07-24T17:05:36.093
Link: CVE-2016-4437
Redhat