Apache Shiro 1.2.4 Cookie RememberME Deserial Remote Code Execution Vulnerability

NVD

Known Exploited Vulnerability

CVE-2016-4437 (Apache Shiro 1.2.4 Cookie RememberME Deserial Remote Code Execution Vulnerability) is part of CISA's list of Known Exploited Vulnerabilities. Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.