CVE-2016-0956
HIGH7.5EPSS 13.3%Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
Published: 5/14/2022Modified: 2/20/2024
Description
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Affected packages (1)
- Maven/org.apache.sling:org.apache.sling.servlets.postfrom 0, < 2.3.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-0956
- WEBhttp://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html
- WEBhttp://seclists.org/fulldisclosure/2016/Feb/48
- WEBhttps://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- WEBhttps://www.exploit-db.com/exploits/39435
- WEBhttp://www.securityfocus.com/archive/1/537498/100/0/threaded