Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

References

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Feb/48

http://www.securityfocus.com/archive/1/537498/100/0/threaded

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

https://www.exploit-db.com/exploits/39435/

Related Vulnerabilities

CVE-2022-25210 Vulnerability in maven package com.convertigo.jenkins.plugins:convertigo-mobile-platform

CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

CVE-2014-3490 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxb-provider

CVE-2019-10767 Vulnerability in npm package iobroker.js-controller

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory