ID

VAR-201602-0318


CVE

CVE-2016-0956


TITLE

Information disclosure vulnerability in the Servlets Post component of Apache Sling as used in Adobe Experience Manager

Trust: 0.8

sources: JVNDB: JVNDB-2016-001449

DESCRIPTION

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Apache Sling is an open source web framework for the Java platform developed by the Apache Software Foundation. The framework is used to build content-oriented applications on top of a Java Content Repository (JCR). Adobe Experience Manager (AEM) is a set of content management solutions from Adobe that can be used to build websites, mobile applications and forms. Servlets Post is one of the Apache Sling components. A remote attacker could exploit this vulnerability to obtain sensitive information. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0; Servlets Post version 2.3.6.

Trust: 1.8

sources: NVD: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // VULHUB: VHN-88466 // VULMON: CVE-2016-0956

AFFECTED PRODUCTS

vendor: apache, model: sling, scope: eq, version: *

Trust: 1.0

vendor: adobe, model: experience manager, scope: eq, version: 5.6.1

Trust: 1.0

vendor: adobe, model: experience manager, scope: eq, version: 6.0.0

Trust: 1.0

vendor: adobe, model: experience manager, scope: eq, version: 6.1.0

Trust: 1.0

vendor: apache, model: sling servlets post, scope: eq, version: 2.3.6

Trust: 0.8

vendor: adobe, model: experience manager, scope: eq, version: 5.6.1 (windows/unix/linux/os x)

Trust: 0.8

vendor: adobe, model: experience manager, scope: eq, version: 6.0.0 (windows/unix/linux/os x)

Trust: 0.8

vendor: adobe, model: experience manager, scope: eq, version: 6.1.0 (windows/unix/linux/os x)

Trust: 0.8

vendor: apache, model: sling, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0956
value: HIGH

Trust: 1.0

NVD: CVE-2016-0956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-219
value: HIGH

Trust: 0.6

VULHUB: VHN-88466
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0956
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0956
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88466
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0956
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88466 // VULMON: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-88466 // JVNDB: JVNDB-2016-001449 // NVD: CVE-2016-0956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-219

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001449

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88466 // VULMON: CVE-2016-0956

PATCH

title: APSB16-05, url: http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title: APSB16-05, url: http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title: Downloads, url: https://sling.apache.org/downloads.cgi

Trust: 0.8

title: Adobe Experience Manager Apache Sling Servlets Post Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60161

Trust: 0.6

title: Twitter-Seclists, url: https://github.com/securibee/Twitter-Seclists

Trust: 0.1

title: aemscan_edit, url: https://github.com/andyacer/aemscan_edit

Trust: 0.1

title: AEMVS, url: https://github.com/TheRipperJhon/AEMVS

Trust: 0.1

title: CVE-Study, url: https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219

EXTERNAL IDS

db: NVD, id: CVE-2016-0956

Trust: 2.6

db: PACKETSTORM, id: 135720

Trust: 1.2

db: EXPLOIT-DB, id: 39435

Trust: 1.2

db: JVNDB, id: JVNDB-2016-001449

Trust: 0.8

db: CNNVD, id: CNNVD-201602-219

Trust: 0.7

db: VULHUB, id: VHN-88466

Trust: 0.1

db: BID, id: 83119

Trust: 0.1

db: VULMON, id: CVE-2016-0956

Trust: 0.1

sources: VULHUB: VHN-88466 // VULMON: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

REFERENCES

url:https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 1.8

url:https://www.exploit-db.com/exploits/39435/

Trust: 1.3

url:http://www.securityfocus.com/archive/1/537498/100/0/threaded

Trust: 1.2

url:http://seclists.org/fulldisclosure/2016/feb/48

Trust: 1.2

url:http://packetstormsecurity.com/files/135720/apache-sling-framework-2.3.6-information-disclosure.html

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0956

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0956

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/securibee/twitter-seclists

Trust: 0.1

url:https://www.securityfocus.com/bid/83119

Trust: 0.1

sources: VULHUB: VHN-88466 // VULMON: CVE-2016-0956 // JVNDB: JVNDB-2016-001449 // CNNVD: CNNVD-201602-219 // NVD: CVE-2016-0956

SOURCES

db: VULHUB, id: VHN-88466
db: VULMON, id: CVE-2016-0956
db: JVNDB, id: JVNDB-2016-001449
db: CNNVD, id: CNNVD-201602-219
db: NVD, id: CVE-2016-0956

LAST UPDATE DATE

2024-08-14T15:39:50.642000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-88466, date: 2018-10-09T00:00:00
db: VULMON, id: CVE-2016-0956, date: 2018-10-09T00:00:00
db: JVNDB, id: JVNDB-2016-001449, date: 2016-02-19T00:00:00
db: CNNVD, id: CNNVD-201602-219, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-0956, date: 2018-10-09T19:58:57.880

SOURCES RELEASE DATE

db: VULHUB, id: VHN-88466, date: 2016-02-10T00:00:00
db: VULMON, id: CVE-2016-0956, date: 2016-02-10T00:00:00
db: JVNDB, id: JVNDB-2016-001449, date: 2016-02-19T00:00:00
db: CNNVD, id: CNNVD-201602-219, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-0956, date: 2016-02-10T20:59:08.623