VDB

CVE-2019-12422

CVE-2019-12422 PUBLISHED

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

EPSS 54.90% · 98.1th percentile

Risk Scores

EPSS Score
54.90%
98.1th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:18.04:LTSshiro1.3.2-2, 1.3.2-3~18.04, 1.3.2-3ubuntu0.18.04.1~esm1
Ubuntu:22.04:LTSshiro0, 1.3.2-4, 1.3.2-5
Ubuntu:24.04:LTSshiro0, 1.3.2-5
Ubuntu:20.04:LTSshiro0, 1.3.2-4, 1.3.2-4ubuntu0.1
Ubuntu:Pro:16.04:LTSshiro0, 1.2.4-1, 1.2.4-1ubuntu0.1~esm1

Exploit Intelligence

…and 1 more exploits

Timeline

  • Nov 18, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 6, 2023 CVE Updated
  • Mar 11, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›