admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 01:40:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2016-4437

Browse Source
This commit is contained in:
tardc 2020-05-25 19:53:00 +08:00
parent 8fa66ef91d
commit f9c130ae36
3 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Shiro/CVE-2016-4437/CVE-2016-4437_1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 134 KiB

BIN
Shiro/CVE-2016-4437/CVE-2016-4437_2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 141 KiB

13
Shiro/CVE-2016-4437/README.md Normal file
View File

@ -0,0 +1,13 @@
# CVE-2016-4437 Apache Shiro Deserialization Vulnerability
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
**Affected Version**: Apache Shiro < 1.2.5
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJBcGFjaGUtU2hpcm8i) query rule**: app="Apache-Shiro"
# Demo
![](CVE-2016-4437_1.png)
![](CVE-2016-4437_2.png)