CVE-2019-12422

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/11/2019
Last modified:
17/06/2026

Description

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:* 1.4.2 (excluding)