VDB
DEBIAN-CVE-2016-4437
DEBIAN-CVE-2016-4437
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | shiro | 0, 0, 0 |
| Debian:11 | shiro | 0, 0, 0 |
| Debian:12 | shiro | 0, 0, 0 |
Timeline
- Jun 7, 2016 CVE Published
- Apr 28, 2026 CVE Updated