Description

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro's default rememberMe cookie is encrypted with a hardcoded encryption key. Because that key is the same in every installation, an attacker can create a malicious Java object, serialize it, encrypt and encode it with the known key, and send it as the rememberMe cookie. Shiro will then decode, decrypt and deserialize the attacker-controlled object.

Remediation

Upgrade to the latest version of Apache Shiro.
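Upgrading is the primary fix. As an added, defender-side example (not code from this page or from the Shiro project), the Java configuration below also replaces the hardcoded default key with one supplied at deployment time, failing closed if none is provided; the class name and the `SHIRO_REMEMBERME_KEY` environment variable name are assumptions.

```java
import java.util.Base64;

import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

/**
 * Illustrative hardened rememberMe configuration (assumed class, not Shiro code).
 * The AES key is read from the environment variable SHIRO_REMEMBERME_KEY
 * (assumed name) so it is neither the framework default nor baked into source.
 */
public class RememberMeConfig {

    static final String KEY_ENV = "SHIRO_REMEMBERME_KEY"; // assumed variable name

    /** Generate a fresh 128-bit AES key once; store the output in a secret store. */
    public static String generateKey() {
        byte[] key = new AesCipherService().generateNewKey().getEncoded();
        return Base64.getEncoder().encodeToString(key);
    }

    /** Build a rememberMe manager that uses the operator-supplied key. */
    public static CookieRememberMeManager rememberMeManager() {
        String encoded = System.getenv(KEY_ENV);
        if (encoded == null || encoded.isEmpty()) {
            // Fail closed instead of silently falling back to Shiro's default key.
            throw new IllegalStateException(KEY_ENV
                    + " is not set; refusing to start with the default rememberMe key");
        }
        byte[] key = Base64.getDecoder().decode(encoded);
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("rememberMe key must be 128, 192 or 256 bits");
        }
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCipherKey(key); // overrides the hardcoded default key
        return manager;
    }

    /** Security manager wired with the hardened rememberMe manager. */
    public static DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        sm.setRememberMeManager(rememberMeManager());
        return sm;
    }
}
```

Rotating the key invalidates every outstanding rememberMe cookie, which is the intended effect after an exposure.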
