Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
Max CVSS: 7.5
EPSS Score: 0.30%
Published: 2016-09-20
Updated: 2018-10-09
CVE-2016-4437 (Known exploited; Public exploit)
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Max CVSS: 8.1
EPSS Score: 97.49%
Published: 2016-06-07
Updated: 2018-10-09
CISA KEV Added: 2021-11-03
2 vulnerabilities found