Vulnerability CVE-2016-0956
Published: 2016-02-10

Description:
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Apache Sling Framework v2.3.6 (Adobe AEM) Information Disclosure Vulnerability
Vulnerability La...
11.02.2016

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Apache -> Sling 
Adobe -> Experience manager 

 References:
http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Feb/48
http://www.securityfocus.com/archive/1/537498/100/0/threaded
https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
https://www.exploit-db.com/exploits/39435/
Copyright 2024, cxsecurity.com

 

Back to Top