Contact us to Fix the issue
Overview :
Apache Shiro before 1.4.2 padding attack through susceptible cookies
Affected Product(s) :
  • Apache Shiro 1.4.1
Vulnerability Details :
CVE ID : CVE-2019-12422
Apache Shiro before 1.4.2, when using the default “remember me” configuration, cookies could be susceptible to a padding attack.

Solution :

Upgrade Apache Shiro to version 1.4.2 or higher.