CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:03

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E', 'name': '[shiro-dev] 20191118 [ANNOUNCE][CVE-2019-12422] Apache Shiro 1.4.2 released', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E', 'name': '[shiro-commits] 20200622 svn commit: r1879088 - /shiro/site/publish/security-reports.html', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040%40%3Ccommits.shiro.apache.org%3E -
  • () https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c%40%3Cdev.shiro.apache.org%3E -

Information

Published : 2019-11-18 23:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-12422

Mitre link : CVE-2019-12422

CVE.ORG link : CVE-2019-12422


JSON object : View

Products Affected

apache

  • shiro