Описание
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-0956
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- https://www.exploit-db.com/exploits/39435
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
Пакеты
Наименование
org.apache.sling:org.apache.sling.servlets.post
maven
Затронутые версииВерсия исправления
<= 2.3.6
2.3.8
Связанные уязвимости
CVSS3: 7.5
nvd
почти 10 лет назад
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.