Description
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
Shiro's RememberMe feature stores the remembered identity in a cookie (named rememberMe by default) as a Java-serialized object that is AES-encrypted and base64-encoded. In vulnerable versions the AES key is a hardcoded default shipped with the framework, so anyone can produce a cookie Shiro will accept: the attacker serializes a malicious object (typically a deserialization gadget chain built from classes already on the application's classpath), encrypts it with the default key, base64-encodes it and sends it as the rememberMe cookie. Shiro decodes, decrypts and deserializes the cookie while building the subject, before any authentication takes place, so no account is needed and the outcome is code execution inside the application's process. Affected instances are easy to confirm from the outside: a rememberMe cookie issued by the server that decrypts under the default key to a Java serialization stream (starting with the bytes AC ED 00 05) proves the default key is in use.
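The check described above, as an added example that is not part of the original advisory and not Shiro's own code: a small Go tool that builds a rememberMe cookie the way Shiro's AesCipherService does (random 16-byte IV, AES-128-CBC with PKCS5 padding, IV prepended to the ciphertext, base64) and tests whether a given cookie decrypts under a given key to something that starts with the Java serialization header. DefaultShiroKey is the published default from vulnerable releases, quoted from the Shiro source; the payload is constructed filler behind the serialization header rather than a gadget chain, so the tool only verifies which key a deployment uses and executes nothing on the server.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// DefaultShiroKey is the hardcoded RememberMe AES key (base64, 16 bytes)
// shipped in vulnerable Shiro releases. Any deployment still using it,
// on any version, accepts attacker-made cookies.
const DefaultShiroKey = "kPH+bIxk5D2deZiIxcaaaA=="

// javaSerialMagic is the header every Java serialization stream begins with.
var javaSerialMagic = []byte{0xAC, 0xED, 0x00, 0x05}

// pkcs5Pad implements the padding used by AES/CBC/PKCS5Padding.
func pkcs5Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs5Unpad strips and validates PKCS5 padding.
func pkcs5Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("plaintext length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// EncodeRememberMe produces a cookie value in Shiro's format from an already
// serialized object: base64( IV || AES-CBC(key, IV, pkcs5pad(serialized)) ).
func EncodeRememberMe(keyB64 string, serialized []byte) (string, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	plain := pkcs5Pad(serialized, aes.BlockSize)
	out := make([]byte, len(iv)+len(plain))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[len(iv):], plain)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecodeRememberMe reverses EncodeRememberMe under the given key.
func DecodeRememberMe(keyB64, cookie string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(cookie)
	if err != nil {
		return nil, err
	}
	if len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, errors.New("cookie is not IV plus whole AES blocks")
	}
	iv, ct := raw[:aes.BlockSize], raw[aes.BlockSize:]
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	return pkcs5Unpad(plain, aes.BlockSize)
}

// UsesKey reports whether cookie decrypts under keyB64 to a Java
// serialization stream. Run it on a rememberMe cookie your own deployment
// issued: true with DefaultShiroKey means the hardcoded key is in use.
func UsesKey(keyB64, cookie string) bool {
	plain, err := DecodeRememberMe(keyB64, cookie)
	return err == nil && bytes.HasPrefix(plain, javaSerialMagic)
}

func main() {
	// Constructed stand-in for a serialized object: header plus filler.
	// A real attack would place a gadget chain here; that is out of scope.
	payload := append(append([]byte{}, javaSerialMagic...), []byte("constructed-payload")...)
	cookie, err := EncodeRememberMe(DefaultShiroKey, payload)
	if err != nil {
		panic(err)
	}
	fmt.Println("rememberMe=" + cookie)
	fmt.Println("default key in use:", UsesKey(DefaultShiroKey, cookie))
}
```

To test a live deployment, log in with "remember me" ticked, copy the rememberMe cookie the server sets, and pass it to UsesKey with DefaultShiroKey; a false result under the default key but true under your configured key is the expected state after remediation. Because the IV is random and UsesKey demands both valid padding and the four-byte header, a wrong key yields a false positive with probability on the order of 2^-32.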
Remediation
Upgrade to a release of Apache Shiro that no longer ships the hardcoded default key (1.2.5 and later); those versions generate a random RememberMe key at startup unless one is configured. Upgrading alone is not sufficient when the application sets the key itself: many deployments copied the old default into their own shiro.ini or Spring configuration as the rememberMeManager's cipherKey, and such an application remains exploitable on any version. After upgrading, either rely on the generated per-startup key (remembered logins then do not survive restarts or span cluster nodes) or configure a unique, randomly generated 128-bit key loaded from a secret store rather than committed to source control, and rotate it if it may have been exposed. If the RememberMe feature is not needed, disable it, since Shiro will still deserialize whatever a holder of the key sends. Finally, verify the fix from the outside by confirming that a rememberMe cookie issued by the deployment does not decrypt under the published default key.