Known Exploited Vulnerabilities CVE-2016-4437 Mappings

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-4437 | Apache Shiro Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2016-4437 | Apache Shiro Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (identical for both mappings): CVE-2016-4437 is a code execution vulnerability in Apache Shiro that allows remote attackers to execute code or bypass access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.