Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/06/16 21:07:05 UTC

[jira] [Created] (OFBIZ-7373) Update Shiro to 12.5 (CVE-2016-4437)

Jacques Le Roux created OFBIZ-7373:
--------------------------------------

             Summary: Update Shiro to 12.5 (CVE-2016-4437)
                 Key: OFBIZ-7373
                 URL: https://issues.apache.org/jira/browse/OFBIZ-7373
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Release Branch 15.12, Trunk
            Reporter: Jacques Le Roux
             Fix For: 15.12.01


Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)