CVE-2016-0957

HIGH NUCLEI

Adobe Experience Manager <6.1.0 - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0957. PoCs published by fuckwbored. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a technical explanation and examples of payloads to bypass 403/404 errors in Adobe Experience Manager (AEM) using CVE-2016-0957. It demonstrates how appending specific extensions (e.g., .gif, .css) to paths can bypass dispatcher restrictions.

Description

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

Exploits (1)

nomisec WRITEUP
by fuckwbored · poc
https://github.com/fuckwbored/CVE-2016-0957-payloads

This repository provides a technical explanation and examples of payloads to bypass 403/404 errors in Adobe Experience Manager (AEM) using CVE-2016-0957. It demonstrates how appending specific extensions (e.g., .gif, .css) to paths can bypass dispatcher restrictions.

Classification
Writeup 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Adobe Experience Manager (AEM)
No auth needed
Prerequisites: Access to the target AEM instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Adobe AEM Dispatcher <4.15 - Rules Bypass
HIGHby geeknik
Shodan: http.component:"Adobe Experience Manager" || http.component:"adobe experience manager"

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.9319
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (4)
adobe/dispatcher < 4.1.4
adobe/experience_manager 5.6.1
adobe/experience_manager 6.0.0
adobe/experience_manager 6.1.0
Published Feb 10, 2016
Tracked Since Feb 18, 2026