CVE-2016-4437: Apache Shiro Code Execution Vulnerability. Apache Shiro
Apache Shiro Code Execution Vulnerability. Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
- CISA KEV-listed (remediation due 2022-05-03)
- EPSS 94.3% (99.9% percentile)