CVE-2019-12422
N/A
N/A
Summary
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Shiro | to 1.4.1 | affected |
Weaknesses
- Weak Cookie Vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c%40%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040%40%3Ccommits.shiro.apache.org%3E
References
- https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c%40%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040%40%3Ccommits.shiro.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.