Vulnerability Details : CVE-2016-4437
Public exploit exists!
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. The parameter in question is the rememberMe cookie: it carries a serialized Java object that Shiro AES-encrypts, and without an explicitly configured key the library falls back to a default key that ships with the code, so any client who knows that key can forge a cookie the server will decrypt and deserialize.
Vulnerability category: Execute code
Products affected by CVE-2016-4437
- cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*
- cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:aurora:*:*:*:*:*:*:*:*
CVE-2016-4437 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Apache Shiro Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2016-4437
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2016-4437
97.14% - probability of exploitation activity in the next 30 days
~100% - percentile (the proportion of vulnerabilities scored at or below this value)
Metasploit modules for CVE-2016-4437
- Apache Shiro v1.2.4 Cookie RememberME Deserial RCE
  Disclosure Date: 2016-06-07
  First seen: 2020-05-14
  Module: exploit/multi/http/shiro_rememberme_v124_deserialize
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is know
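Added example (this editor's code, not from the advisory, the Metasploit module or the Shiro project): the condition described above, and the "if the encryption key is known" note in the module description, both come down to a deployment encrypting its rememberMe cookie under a key an attacker can obtain. The class below shows the hardened configuration for Shiro 1.2.5 or later: a per-deployment 128-bit AES key set explicitly on `CookieRememberMeManager`, with a startup guard that refuses a short key or the publicly known default key shipped in Shiro 1.2.4 and earlier. The class name `RememberMeKeyConfig`, the environment variable `SHIRO_REMEMBERME_KEY` and the minimum-length policy are assumptions; the Shiro calls used (`setCipherKey`, `setRememberMeManager`, `org.apache.shiro.codec.Base64`) are the library's real API.

```java
// Added example, not Shiro project code: configure the rememberMe cipher key
// explicitly instead of relying on a library default.
import java.security.SecureRandom;
import java.util.Arrays;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

public class RememberMeKeyConfig {

    // The AES key hard-coded in Shiro 1.2.4 and earlier. Running without a
    // configured key is equivalent to using this value, and anyone who has it
    // can forge a rememberMe cookie the server will deserialize.
    private static final String SHIRO_124_DEFAULT_KEY_B64 = "kPH+bIxk5D2deZiIxcaaaA==";

    // Assumed name of the environment variable holding the base64 key.
    private static final String KEY_ENV_VAR = "SHIRO_REMEMBERME_KEY";

    /** Returns a fresh random 128-bit AES key; persist the base64 form in a secret store. */
    static byte[] generateCipherKey() {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Startup guard: rejects keys shorter than 128 bits (assumed policy) or equal to the known default. */
    static byte[] requireStrongKey(byte[] key) {
        if (key == null || key.length < 16) {
            throw new IllegalStateException("rememberMe cipherKey must be at least 128 bits");
        }
        if (Arrays.equals(key, Base64.decode(SHIRO_124_DEFAULT_KEY_B64))) {
            throw new IllegalStateException("rememberMe cipherKey is the publicly known Shiro 1.2.4 default");
        }
        return key;
    }

    /** Builds a web security manager whose rememberMe cookies are encrypted under the given key. */
    static DefaultWebSecurityManager build(String cipherKeyB64) {
        byte[] key = requireStrongKey(Base64.decode(cipherKeyB64));
        CookieRememberMeManager rmm = new CookieRememberMeManager();
        rmm.setCipherKey(key);              // AES: one key for both encryption and decryption
        rmm.getCookie().setHttpOnly(true);  // keep the cookie out of reach of page scripts
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        sm.setRememberMeManager(rmm);
        return sm;
    }

    public static void main(String[] args) {
        // Weak: the 1.2.4 default (or no key at all) is rejected by the guard.
        try {
            build(SHIRO_124_DEFAULT_KEY_B64);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Hardened: a per-deployment key from the environment, or a fresh one for first boot.
        String configured = System.getenv(KEY_ENV_VAR);
        if (configured == null) {
            configured = Base64.encodeToString(generateCipherKey());
            System.out.println("generated new key; store it as " + KEY_ENV_VAR + " before the next start");
        }
        build(configured);
        System.out.println("rememberMe manager configured with a unique key");
    }
}
```

Keep the base64 key in a secret store shared by every node of the application. From 1.2.5 on, a manager with no configured key generates a random one at startup, which closes the forgery path but invalidates all existing rememberMe cookies on each restart and between nodes, so production deployments still set the key explicitly.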
CVSS scores for CVE-2016-4437
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | 
8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | 
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-24
References for CVE-2016-4437
- https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4@%3Cannouncements.aurora.apache.org%3E
  [CVE-2016-4437] Apache Aurora information disclosure vulnerability (Apache Mail Archives / Pony Mail). Mailing List
- http://rhn.redhat.com/errata/RHSA-2016-2035.html
  RHSA-2016:2035 - Security Advisory (Red Hat Customer Portal). Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-2036.html
  RHSA-2016:2036 - Security Advisory (Red Hat Customer Portal). Third Party Advisory
- http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html
  Apache Shiro 1.2.4 Remote Code Execution (Packet Storm). Exploit; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/archive/1/538570/100/0/threaded
  SecurityFocus. Broken Link; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/91024
  Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability (SecurityFocus). Broken Link; Third Party Advisory; VDB Entry
- http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html
  Apache Shiro 1.2.4 Information Disclosure (Packet Storm). Third Party Advisory; VDB Entry