Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMjdtLTYyOHYteHhwMs4AAV_O
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-m27m-628v-xxp2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMjdtLTYyOHYteHhwMs4AAV_O
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-m27m-628v-xxp2, CVE-2016-0956
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-0956
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- https://www.exploit-db.com/exploits/39435/
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
- https://github.com/advisories/GHSA-m27m-628v-xxp2
Affected Packages
maven:org.apache.sling:org.apache.sling.servlets.post
Dependent packages: 84
Dependent repositories: 676
Downloads:
Affected Version Ranges: <= 2.3.6
Fixed in: 2.3.8
All affected versions: 2.1.0, 2.1.2, 2.2.0, 2.3.0, 2.3.2, 2.3.4, 2.3.6
All unaffected versions: 2.3.8, 2.3.10, 2.3.12, 2.3.14, 2.3.16, 2.3.18, 2.3.20, 2.3.22, 2.3.24, 2.3.26, 2.3.28, 2.3.30, 2.3.32, 2.3.34, 2.3.36, 2.4.2, 2.4.4, 2.4.6, 2.5.0, 2.6.0