Unconfigured Cipher Key Vulnerability in Apache Shiro

CVE-2016-4437 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
