GHSA-m27m-628v-xxp2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m27m-628v-xxp2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m27m-628v-xxp2/GHSA-m27m-628v-xxp2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m27m-628v-xxp2
- Aliases
-
- CVE-2016-0956
- Published
- 2022-05-14T02:47:05Z
- Modified
- 2024-02-20T05:34:17.089302Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
- Details
-
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2016-02-10T20:59:00Z", "github_reviewed_at": "2022-07-06T20:05:20Z", "severity": "HIGH", "cwe_ids": [ "CWE-200" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-0956
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
- https://www.exploit-db.com/exploits/39435
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
Affected packages
Maven / org.apache.sling:org.apache.sling.servlets.post
Package
- Name
- org.apache.sling:org.apache.sling.servlets.post
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.sling/org.apache.sling.servlets.post