CVE-2016-4437 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-4437 PUBLISHED KEV

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

EPSS 94.25% · 99.9th percentile

Risk Scores

EPSS Score

94.25%

99.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	shiro	0, 1.2.4-1

Timeline

Jun 7, 2016 CVE Published
Apr 30, 2020 PoC Published
Oct 27, 2021 PoC Published
Nov 3, 2021 CISA KEV Added
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-4437 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-4437 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
https://ubuntu.com/security/notices/USN-7139-1 vendor-advisory

Open in Interactive Console →