Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/06/16 21:07:05 UTC
[jira] [Created] (OFBIZ-7373) Update Shiro to 12.5 (CVE-2016-4437)
Jacques Le Roux created OFBIZ-7373:
--------------------------------------
Summary: Update Shiro to 12.5 (CVE-2016-4437)
Key: OFBIZ-7373
URL: https://issues.apache.org/jira/browse/OFBIZ-7373
Project: OFBiz
Issue Type: Sub-task
Components: framework
Affects Versions: Release Branch 15.12, Trunk
Reporter: Jacques Le Roux
Fix For: 15.12.01
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437