[OFBIZ-7373] Update Shiro to 1.2.5 (CVE-2016-4437) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: Release Branch 15.12, Trunk
Fix Version/s: 15.12.01
Component/s: framework
Labels:
- CVE

Sprint:
Bug Crush Event - 21/2/2015

Description

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Jun/16 21:06

Updated:: 17/Dec/16 09:26

Resolved:: 19/Jun/16 22:31