TROYANOSYVIRUS
Retour aux CVEs

CVE-2016-4437

CRITICALCISA KEV
9.8

Description

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie6/7/2016
Derniere modification10/22/2025
Sourcekev
Observations honeypot0

CISA KEV

FournisseurApache
ProduitShiro
Nom vulnerabiliteApache Shiro Code Execution Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown

Produits affectes

apache:auroraapache:shiroredhat:fuseredhat:jboss_middleware_text-only_advisories

Faiblesses (CWE)

CWE-321

References

http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html(secalert@redhat.com)
http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-2035.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-2036.html(secalert@redhat.com)
http://www.securityfocus.com/archive/1/538570/100/0/threaded(secalert@redhat.com)
http://www.securityfocus.com/bid/91024(secalert@redhat.com)
https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E(secalert@redhat.com)
http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2035.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2036.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538570/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91024(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4437(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.