Vulnerability Description
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Sling | All versions |
| Adobe | Experience Manager | 5.6.1 |
| Apple | Mac Os X | All versions |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Informa
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlPatchVendor Advisory
- https://www.exploit-db.com/exploits/39435/
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Informa
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlPatchVendor Advisory
- https://www.exploit-db.com/exploits/39435/
FAQ
What is CVE-2016-0956?
CVE-2016-0956 is a vulnerability with a CVSS score of 7.5 (HIGH). The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
How severe is CVE-2016-0956?
CVE-2016-0956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0956?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Sling, Adobe Experience Manager, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows.