Sign-up

ID

VAR-201602-0318


CVE

CVE-2016-0956


TITLE

Adobe Experience Manager Used in Apache Sling of Servlets Post Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2016-001449

DESCRIPTION

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Apache Sling is an open source web framework for the Java platform developed by the Apache Software Foundation. The framework can create content-oriented applications on JCR Content Repository (Java Content Repository). Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. Servlets Post is one of those containers. A remote attacker could exploit this vulnerability to obtain sensitive information. The following versions are affected: AEM Version 5.6.1, Version 6.0.0, Version 6.1.0, Servlets Post Version 2.3.6

Trust: 1.8

sources: NVD: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // VULHUB: VHN-88466 // VULMON: CVE-2016-0956

AFFECTED PRODUCTS

vendor:apachemodel:slingscope:eqversion:*

Trust: 1.0

vendor:adobemodel:experience managerscope:eqversion:5.6.1

Trust: 1.0

vendor:adobemodel:experience managerscope:eqversion:6.0.0

Trust: 1.0

vendor:adobemodel:experience managerscope:eqversion:6.1.0

Trust: 1.0

vendor:apachemodel:sling servlets postscope:eqversion:2.3.6

Trust: 0.8

vendor:adobemodel:experience managerscope:eqversion:5.6.1 (windows/unix/linux/os x)

Trust: 0.8

vendor:adobemodel:experience managerscope:eqversion:6.0.0 (windows/unix/linux/os x)

Trust: 0.8

vendor:adobemodel:experience managerscope:eqversion:6.1.0 (windows/unix/linux/os x)

Trust: 0.8

vendor:apachemodel:slingscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0956
value: HIGH

Trust: 1.0

NVD: CVE-2016-0956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-219
value: HIGH

Trust: 0.6

VULHUB: VHN-88466
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0956
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0956
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88466
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0956
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88466 // VULMON: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-88466 // JVNDB: JVNDB-2016-001449 // NVD: CVE-2016-0956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-219

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001449

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-88466 // 
            
            
            
            VULMON: CVE-2016-0956

PATCH
title:APSB16-05url:http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
Trust: 0.8
title:APSB16-05url:http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html
Trust: 0.8
title:Downloadsurl:https://sling.apache.org/downloads.cgi
Trust: 0.8
title:Adobe Experience Manager Apache Sling Servlets Post Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60161
Trust: 0.6
title:Twitter-Seclistsurl:https://github.com/securibee/Twitter-Seclists 
Trust: 0.1
title:aemscan_editurl:https://github.com/andyacer/aemscan_edit 
Trust: 0.1
title:AEMVSurl:https://github.com/TheRipperJhon/AEMVS 
Trust: 0.1
title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-0956 // 
            
            
            
            JVNDB: JVNDB-2016-001449 // 
            
            
            
            CNNVD: CNNVD-201602-219

EXTERNAL IDS
db:NVDid:CVE-2016-0956
Trust: 2.6
db:PACKETSTORMid:135720
Trust: 1.2
db:EXPLOIT-DBid:39435
Trust: 1.2
db:JVNDBid:JVNDB-2016-001449
Trust: 0.8
db:CNNVDid:CNNVD-201602-219
Trust: 0.7
db:VULHUBid:VHN-88466
Trust: 0.1
db:BIDid:83119
Trust: 0.1
db:VULMONid:CVE-2016-0956
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88466 // 
            
            
            
            VULMON: CVE-2016-0956 // 
            
            
            
            JVNDB: JVNDB-2016-001449 // 
            
            
            
            CNNVD: CNNVD-201602-219 // 
            
            
            
            NVD: CVE-2016-0956

REFERENCES
url:https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
Trust: 1.8
url:https://www.exploit-db.com/exploits/39435/
Trust: 1.3
url:http://www.securityfocus.com/archive/1/537498/100/0/threaded
Trust: 1.2
url:http://seclists.org/fulldisclosure/2016/feb/48
Trust: 1.2
url:http://packetstormsecurity.com/files/135720/apache-sling-framework-2.3.6-information-disclosure.html
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0956
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0956
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/securibee/twitter-seclists
Trust: 0.1
url:https://www.securityfocus.com/bid/83119
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88466 // 
            
            
            
            VULMON: CVE-2016-0956 // 
            
            
            
            JVNDB: JVNDB-2016-001449 // 
            
            
            
            CNNVD: CNNVD-201602-219 // 
            
            
            
            NVD: CVE-2016-0956

SOURCES
db:VULHUBid:VHN-88466
db:VULMONid:CVE-2016-0956
db:JVNDBid:JVNDB-2016-001449
db:CNNVDid:CNNVD-201602-219
db:NVDid:CVE-2016-0956

LAST UPDATE DATE
2024-08-14T15:39:50.642000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-88466date:2018-10-09T00:00:00
db:VULMONid:CVE-2016-0956date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2016-001449date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-219date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0956date:2018-10-09T19:58:57.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-88466date:2016-02-10T00:00:00
db:VULMONid:CVE-2016-0956date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2016-001449date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-219date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0956date:2016-02-10T20:59:08.623