HTTP: Apache Shiro Cookie RememberME Deserial RCE

This signature detects attempts to exploit a known vulnerability in Apache Shiro. A successful attack can lead to arbitrary code execution.

Extended Description

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Affected Products

Redhat fuse

References

CVE: CVE-2016-4437

Short Name
HTTP:APACHE:COOKIE-REMEMBEME-CE
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2016-4437 Cookie Deserial RCE RememberME Shiro
Release Date
09/02/2021
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3846
False Positive
Unknown
Vendors

Redhat

Apache

CVSS Score

6.8
