Apache Aurora vulnerabilities
2 known vulnerabilities affecting apache/aurora.
Total CVEs: 2
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2024-27905 | CRITICAL | CVSS 9.1 | CWE-200 | ≥ 0.5.0 | 2024-02-27
** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.
An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in o
nvd
CVE-2016-4437 | CRITICAL | CVSS 9.8 | CWE-321 | KEV | PoC | ≥ 0.10.0, < 0.18.1 | 2016-06-07
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
nvd