9 matches found
CVE-2026-43828
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
CVE-2026-43828
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
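Awesome-shiro CVE-2016-4437: a tool for Shiro=1.2.4 deserialization, brute-forcing modules and keys, code execution, and reverse shell ---- Cause of the vulnerability: Because Shiro deserializes the rememberme field in the cookie, if Shiro's encoding scheme is known, a malicious command can be encoded with that scheme and placed in the cookie of the HTTP header; when Shiro deserializes the rememberme field of the submitted cookie, the inserted command is executed, ultimately resulting in command execution. Shiro uses CookieRememberMeManager by default, and its cookie-handling flow is:...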
Authentication Bypass
scheb/two-factor-bundle is vulnerable to authentication bypass. The 2-factor authentication can be bypassed by logging in with the REMEMBERME cookie and subsequently removing the SESSIONID key...
Apache Shiro 1.2.4 remote command execution vulnerability details - vulnerability warning - the black bar safety net
Searching online, I found that the consolidated reports about the Apache Shiro 1.2.4 vulnerability are written too simply; perhaps the bigwigs write too professionally, and this noob couldn't follow the reasoning, so I did a full demonstration locally. First, from the Shiro official get Shiro 1.2.4 of the...
rememberme cookie is not cleared when user changes password in Confluence
When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...
rememberme cookie is not cleared when user changes password in Confluence
When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
More info at https://symfony.com/cve-2024-51996...
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
More info at https://symfony.com/cve-2024-51996...