CVE-2016-0957

HIGH NUCLEI

Adobe Experience Manager <6.1.0 - SSRF

Title source: llm

Description

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

Exploits (1)

nomisec WRITEUP
by fuckwbored · poc
https://github.com/fuckwbored/CVE-2016-0957-payloads

Nuclei Templates (1)

Adobe AEM Dispatcher <4.15 - Rules Bypass
HIGHby geeknik
Shodan: http.component:"Adobe Experience Manager" || http.component:"adobe experience manager"

References (1)

Scores

CVSS v3 7.5
EPSS 0.9319
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (4)
adobe/dispatcher < 4.1.4
adobe/experience_manager 5.6.1
adobe/experience_manager 6.0.0
adobe/experience_manager 6.1.0
Published Feb 10, 2016
Tracked Since Feb 18, 2026