CVE-2016-4437 - Apache Shiro Code Execution Vulnerability
Project:Apache
Product:Shiro
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Apache Shiro Code Execution Vulnerability
Description
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4437