CVE-2016-0956

HIGH

Apache Sling 2.3.6 - Info Disclosure

Title source: llm

Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vulnerability-Lab · textwebappsmultiple

https://www.exploit-db.com/exploits/39435

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

[Mailing List] http://seclists.org/fulldisclosure/2016/Feb/48

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/537498/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39435/

Scores

CVSS v3 7.5

EPSS 0.1328

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

adobe/experience_manager 5.6.1

adobe/experience_manager 6.0.0

adobe/experience_manager 6.1.0

apache/sling

org.apache.sling/org.apache.sling.servlets.post 0 - 2.3.8Maven

Published Feb 10, 2016

Tracked Since Feb 18, 2026