CVE-2016-0956

Published: 10/02/2016 Updated: 09/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 786
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote malicious users to obtain sensitive information via unspecified vectors.

Vulnerable Product

apache sling

adobe experience_manager 6.1.0

adobe experience_manager 6.0.0

adobe experience_manager 5.6.1

Exploits

Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability ...

Document Title: Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability
References (Source): www.vulnerability-lab.com/get_content.php?id=1536
Adobe Bulletin: helpx.adobe.com/security/products/experience-manager/apsb16-05.html
web.nvd.nist.gov/vi ...

Github Repositories

Edited version of aemscan

aemscan: Adobe Experience Manager Vulnerability Scanner
raz0r.name/releases/adobe-experience-manager-vulnerability-scanner/
Features: Default credentials bruteforce; Info leak via default error page; WebDav support check (WebDav OSGI XXE CVE-2015-1833); Version detection; Useful paths scanner
Installation: $ python setup.py install
Usage: $ aemscan <url>
TODO C

Adobe Experience Manager Vulnerability Scanner
