Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

References

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Feb/48

http://www.securityfocus.com/archive/1/537498/100/0/threaded

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

https://www.exploit-db.com/exploits/39435/

Related Vulnerabilities

CVE-2013-4152 Vulnerability in maven package org.springframework:spring-oxm

CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path

CVE-2017-16025 Vulnerability in npm package nes

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18

CVE-2018-8039 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory