CVE-2016-0956

Published: Feb 10, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Affected (4)

Products: Apache: Sling · Adobe: Experience Manager

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Sling	All versions

Configuration B

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Adobe Experience Manager	Version 5.6.1
Adobe Experience Manager	Version 6.0.0
Adobe Experience Manager	Version 6.1.0

Running on/with	Platform Versions
Apple Mac Os X	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

Source: psirt@adobe.com

http://seclists.org/fulldisclosure/2016/Feb/48

Source: psirt@adobe.com

http://www.securityfocus.com/archive/1/537498/100/0/threaded

Source: psirt@adobe.com

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Source: psirt@adobe.com

PatchVendor Advisory

https://www.exploit-db.com/exploits/39435/

Source: psirt@adobe.com

http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html