# N/A
## 概述
Apache Shiro 在 1.2.5 之前的版本中,如果未配置用于 "记住我" 功能的密钥,则远程攻击者可以通过某个未指定的请求参数执行任意代码或绕过预期的访问限制。
## 影响版本
- Apache Shiro 1.2.5 之前的版本
## 细节
当 "remember me" 特性没有配置密钥时,攻击者可以利用未指定的请求参数执行任意代码或绕过访问控制限制。
## 影响
- 远程代码执行
- 访问控制绕过
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2016-4437-Shiro反序列化爆破模块和key,命令执行,反弹shell的脚本 | https://github.com/bkfish/Awesome_shiro | POC详情 |
| 2 | None | https://github.com/m3terpreter/CVE-2016-4437 | POC详情 |
| 3 | 一个针对shiro反序列化漏洞(CVE-2016-4437)的快速利用工具/A simple tool targeted at shiro framework attacks with ysoserial. | https://github.com/4nth0ny1130/shisoserial | POC详情 |
| 4 | Python POC to Exploit CVE-2016-4437 Apache Shiro Deserialization Vulnerability Due to Hardcode Encryption Key | https://github.com/pizza-power/CVE-2016-4437 | POC详情 |
| 5 | 1.验证CVE-2016-4437、2.解析rememberMe的文件和CBC加密的IV偏移 | https://github.com/xk-mt/CVE-2016-4437 | POC详情 |
| 6 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-4437.yaml | POC详情 |
| 7 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Shiro%201.2.4%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%20CVE-2016-4437.md | POC详情 |
| 8 | https://github.com/vulhub/vulhub/blob/master/shiro/CVE-2016-4437/README.md | POC详情 |