CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2035.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2036.html	Third Party Advisory
http://www.securityfocus.com/archive/1/538570/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/91024	Broken Link Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:aurora::::::::
	cpe:2.3:a:apache:shiro::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:fuse:1.0:::::::*
	cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:::::middleware::

History

No history.

Information

Published : 2016-06-07 14:06

Updated : 2024-07-24 17:05

NVD link : CVE-2016-4437

Mitre link : CVE-2016-4437

CVE.ORG link : CVE-2016-4437

JSON object : View

Products Affected

redhat

fuse
jboss_middleware_text-only_advisories

apache

aurora
shiro

CWE

NVD-CWE-noinfo

{"id": "CVE-2016-4437", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-06-07T14:06:13.247", "references": [{"url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/91024", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E", "tags": ["Mailing List"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter."}, {"lang": "es", "value": "Apache Shiro en versiones anteriores a 1.2.5, cuando una clave de cifrado no ha sido configurada por la caracter\u00edstica \"remember me\", permite a atacantes remotos ejecutar c\u00f3digo arbitrario o eludir las restricciones destinadas al acceso a trav\u00e9s de un par\u00e1metro request no especificado."}], "lastModified": "2024-07-24T17:05:36.093", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:aurora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E4E49B7-6247-4353-A80D-ADE138DD0967", "versionEndExcluding": "0.18.1", "versionStartIncluding": "0.10.0"}, {"criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF5BF73-85B5-4422-B100-EE22B38F574A", "versionEndExcluding": "1.2.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077732DB-F5F3-4E9C-9AC0-8142AB85B32F"}, {"criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*", "vulnerable": true, "matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Shiro Code Execution Vulnerability"}