Apache Shiro Java deserialization vulnerability fix record

I got a warning from Ari

Ali vulnerability scanning system

The solution is borrowed from blog.csdn.net/Fly_hps/art… Download the Windows scanning tools at https://github.com/feihong-cs/ShiroExploit/releases

1. Check the current status. Double-click to open the JAR package

The choice here is actually the first two choices feel the same

So you can see all of these things that have been scanned through the default secret key vulnerability and this is a secret key bumping process, and if the secret key matches, you get some permissions

Serach.maven.org to find these coordinates

Replace it and restart the server and test it again. This is a secret key bumping process. If the secret keys match, you’ve got some permissions

At this point the reinforcement is complete

Apache Shiro Java deserialization vulnerability fix record

Related Posts

# Object-oriented Design Thoughts

Why do programmers keep blogging

Java Batch database write millions of records! Half the time