Latest Security News about cve 2019 12422

Apache Shiro before 1.4.2 prone to padding attack

Overview : Apache Shiro before 1.4.2 padding attack through susceptible cookies Affected Product(s) : Apache Shiro 1.4.1 Vulnerability Details : CVE ID : CVE-2019-12422 Apache Shiro before 1.4.2, when using the default “remember me” configuration, cookies could be susceptible to a padding attack. Solution : Upgrade Apache Shiro to version 1.4.2 or higher.