⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies were required to patch by 2022-05-03. Required action: apply updates per vendor instructions.

Severity: 9.8 CRITICAL
EPSS: 94.3% (top 0.07%)
CISA KEV: added 2021-11-03, due 2022-05-03
Exploit: exploited in the wild, active exploitation observed

Timeline
Published: 2016-06-07
KEV added: 2021-11-03
KEV due: 2022-05-03
Latest update: 2024-12-05

Description

Apache Shiro before 1.2.5, when no cipher key has been configured for the "remember me" feature, encrypts the rememberMe cookie with a hard-coded default AES key that is public in the project source. The cookie's plaintext is a Java serialized object that the server deserializes on every request carrying it, so a remote attacker who encrypts a crafted serialized object under the default key can execute arbitrary code (given a usable gadget chain on the application's classpath) or bypass intended access restrictions by forging a remembered identity. The NVD wording names only an "unspecified request parameter"; the exploit and detection entries below identify it as the rememberMe cookie. Shiro 1.2.5 generates a random key at startup when none is configured. An explicitly configured key must itself be kept secret, since the cookie is still deserialized after decryption.
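The condition in the description is a missing setting, so the following shiro.ini fragments are added here as an illustration (they are not from this page or from the Shiro project): the first leaves the remember-me manager on its default key, the second pins an explicit per-deployment key. The property path securityManager.rememberMeManager.cipherKey and the acceptance of a Base64 string for the byte[] key are assumed from Shiro 1.2.x's ini conventions; check them against your deployed version. The key value is a placeholder.

```ini
; shiro.ini as typically deployed on Shiro <= 1.2.4 (vulnerable):
; DefaultWebSecurityManager wires a CookieRememberMeManager by itself and
; nothing below sets cipherKey, so the hard-coded default key is in use and
; anyone who knows it can forge rememberMe cookies.
[main]
securityManager.rememberMeManager.cookie.maxAge = 2592000

; shiro.ini with an explicit key (hardened): 16 random bytes, Base64 encoded,
; generated once per deployment (e.g. `openssl rand -base64 16`) and injected
; from secret storage rather than committed. Placeholder value below; the
; property path is an assumption to verify against your Shiro version.
[main]
securityManager.rememberMeManager.cipherKey = REPLACE_WITH_BASE64_OF_16_RANDOM_BYTES
securityManager.rememberMeManager.cookie.maxAge = 2592000
```

Upgrading to 1.2.5 or later closes the default-key gap by randomizing the key on each start, which also invalidates remembered sessions on restart and across cluster nodes; deployments that set an explicit key to avoid that must treat the key as a credential and rotate it if it leaks, because a valid key still leads straight to deserialization.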

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 3.9 | Impact: 5.9)

Affected Packages (6 packages)

NVD     apache/shiro    < 1.2.5
NVD     apache/aurora   0.10.0 to 0.18.1
Debian  shiro           < 1.2.5-1+2
NVD     redhat/fuse     1.0

🔴 Vulnerability Details (5)

OSV        Improper Access Control in Apache Shiro        2022-05-14
GHSA       Improper Access Control in Apache Shiro        2022-05-14
CVEList    CVE-2016-4437: Apache Shiro before 1...        2016-06-07
OSV        CVE-2016-4437: Apache Shiro before 1...        2016-06-07
VulnCheck  Apache Shiro Code Execution Vulnerability      2016

💥 Exploits & PoCs (2)

Exploit-DB  Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)                          2020-05-01
Nuclei      Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability

🔍 Detection Rules (2)

Suricata  ET EXPLOIT Possible Apache Shiro 1.2.4 Cookie RememberME Deserial RCE (CVE-2016-4437)  2021-10-27
Suricata  ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)               2021-10-27 (this entry covers a different CVE and does not apply here)

📋 Vendor Advisories (4)

Ubuntu   Apache Shiro vulnerability                                                                                          2024-12-05
CISA     Apache Shiro Code Execution Vulnerability                                                                           2021-11-03
Red Hat  shiro: Security constraint bypass                                                                                   2016-06-03
Debian   CVE-2016-4437: shiro - Apache Shiro before 1.2.5, when a cipher key has not been configured for the "re...         2016

💬 Community (1)

Bugzilla  CVE-2016-4437 shiro: Security constraint bypass  2016-06-07

CVE-2016-4437 (CRITICAL, CVSS 9.8) | Apache Shiro before 1.2.5 | cvebase.io