Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

References

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Feb/48

http://www.securityfocus.com/archive/1/537498/100/0/threaded

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

https://www.exploit-db.com/exploits/39435/

Related Vulnerabilities

CVE-2023-29201 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2020-7768 Vulnerability in npm package grpc

CVE-2011-2481 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-7774 Vulnerability in maven package org.webjars.npm:y18n

CVE-2022-21700 Vulnerability in maven package io.micronaut:micronaut-http

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory