CVE-2019-12422
Apache Shiro before 1.4.2 is vulnerable when using the default remember-me configuration, due to a padding attack on cookies. The issue is described across multiple connected entries (e.g., Nessus/Apache Shiro padding attack reports) and affects the remember-me cookie handling, enabling potential...