Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

References

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Feb/48

http://www.securityfocus.com/archive/1/537498/100/0/threaded

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

https://www.exploit-db.com/exploits/39435/

Related Vulnerabilities

CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:xmpbox

CVE-2023-35157 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-24429 Vulnerability in npm package convert-svg-core

CVE-2018-9206 Vulnerability in maven package org.webjars.npm:blueimp-file-upload

CVE-2020-28472 Vulnerability in npm package aws-sdk

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory