From 2be37dda84d566397a3f85b0ab87a8f2b93c19e2 Mon Sep 17 00:00:00 2001 From: jenkins-metasploit Date: Wed, 6 May 2026 21:23:22 +0000 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 32d136bc4f..826344f279 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -119629,7 +119629,7 @@ "author": [ "L / l-codes " ], - "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable\n installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may\n also be exploitable if the encryption key used by Shiro to encrypt rememberMe\n cookies is known.", + "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable\n installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may\n also be exploitable if the encryption key used by Shiro to encrypt rememberMe\n cookies is known.\n\n The gadget chain used for Java deserialization must be present on the target's classpath.", "references": [ "CVE-2016-4437", "URL-https://github.com/Medicean/VulApps/tree/master/s/shiro/1" @@ -119656,7 +119656,7 @@ "Unix Command payload", "Windows Command payload" ], - "mod_time": "2025-12-17 16:12:31 +0000", + "mod_time": "2026-05-05 17:12:22 +0000", "path": "/modules/exploits/multi/http/shiro_rememberme_v124_deserialize.rb", "is_install_path": true, "ref_name": "multi/http/shiro_rememberme_v124_deserialize",