CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-4437

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score47.7820%
EPSS Percentile95.63th
Published2016年6月7日
Last Modified2026年4月22日

Vulnerability Description

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Affected Platforms (CPE)

📦
Apache

Aurora

>= 0.10.0 and < 0.18.1
📦
Apache

Shiro

< 1.2.5
📦
Redhat

Fuse

= 1.0
📦
Redhat

Jboss Middleware Text Only Advisories

= 1.0

References & Advisories

🔗 http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html
🔗 http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html
🔗 http://rhn.redhat.com/errata/RHSA-2016-2035.html
🔗 http://rhn.redhat.com/errata/RHSA-2016-2036.html
🔗 http://www.securityfocus.com/archive/1/538570/100/0/threaded
🔗 http://www.securityfocus.com/bid/91024
🔗 https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E
🔗 http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html

関連する脆弱性情報

CVE-2021-4187310.0

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized a...

CVE-2021-262939.8

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow director...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...

CVE-2010-02498.8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Window...