Apache Shiro : Security vulnerabilities, CVEs Code Execution published in 2016

CVE-2016-4437

Known exploited

Public exploit

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Max CVSS

8.1

EPSS Score

97.49%

Published

2016-06-07

Updated

2018-10-09

CISA KEV Added

2021-11-03

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Apache » Shiro : Security Vulnerabilities, CVEs, Published In 2016 (Code Execution)

CVE-2016-4437