[jira] [Created] (OFBIZ-7373) Update Shiro to 12.5 (CVE-2016-4437)


Nicolas Malin (Jira)
Jacques Le Roux created OFBIZ-7373:
--------------------------------------

             Summary: Update Shiro to 12.5 (CVE-2016-4437)
                 Key: OFBIZ-7373
                 URL: https://issues.apache.org/jira/browse/OFBIZ-7373
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Release Branch 15.12, Trunk
            Reporter: Jacques Le Roux
             Fix For: 15.12.01


Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)