Unconfigured Cipher Key Vulnerability in Apache Shiro
CVE-2016-4437 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Learn more about our Web Application Penetration Testing UK.