Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
1.0.0-incubating - 1.2.4
Description:
A default cipher key is used for the "remember me" feature when not
explicitly configured. A request that included a specially crafted
request parameter could be used to execute a
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.
This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].
CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically craf