admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Shiro/CVE-2016-4437
History
tardc f9c130ae36 Add CVE-2016-4437
2020-05-25 19:53:00 +08:00
..
CVE-2016-4437_1.png
Add CVE-2016-4437
2020-05-25 19:53:00 +08:00
CVE-2016-4437_2.png
Add CVE-2016-4437
2020-05-25 19:53:00 +08:00
README.md
Add CVE-2016-4437
2020-05-25 19:53:00 +08:00

README.md

CVE-2016-4437 Apache Shiro Deserialization Vulnerability

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Affected Version: Apache Shiro < 1.2.5

FOFA query rule: app="Apache-Shiro"

Demo