Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

References

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

https://www.exploit-db.com/exploits/39435/

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Feb/48

http://www.securityfocus.com/archive/1/537498/100/0/threaded

Related Vulnerabilities

CVE-2021-41084 Vulnerability in maven package org.http4s:http4s-server_3

CVE-2018-11651 Vulnerability in maven package org.graylog2:graylog2-server

CVE-2018-20676 Vulnerability in maven package org.fujion.webjars:bootstrap

CVE-2023-34104 Vulnerability in maven package org.webjars.npm:fast-xml-parser

CVE-2019-11082 Vulnerability in maven package de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory