J2EEScan icon indicating copy to clipboard operation
J2EEScan copied to clipboard

Published 20 hours ago verified publisher icon ilmila

shiro-550 CVE-2016-4437

Open bigsizeme opened this issue 4 years ago • 1 comments

The code is not very standardized, you can modify it. Thank you

bigsizeme avatar Jun 16 '20 08:06 bigsizeme

Thank you for the PR.

I have few comments:

  • The check will run even if the remote target does not have Apache Shiro library. Is it possible to add a detection check for Apache Shiro? So the check for the CVE-2016-4437 runs only if the framework is detected?
  • Could you please clean up the code, removing the unused comments and insert some functional comments regarding the detection strategy?

ilmila avatar Jun 29 '20 07:06 ilmila