Vulnerability feed

Vulnerability

CVE-2016-4437

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2016-4437
Description:: Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Last updated date:: 07/24/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 07/23/2021
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/27/2020
Reference url to background: https://github.com/bkfish/Awesome_shiro

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/26/2020
Reference url to background: https://github.com/jas502n/SHIRO-550

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/27/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shiro_rememberme_v124_deserialize.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/23/2021
Reference url to background: https://github.com/4nth0ny1130/shisoserial

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/24/2024
Reference url to background: http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |