What is CVE-2016-0956?

CVE-2016-0956 is a high-severity vulnerability in Adobe Experience_manager, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-02-10.

How severe is CVE-2016-0956?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2016-0956 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Adobe Experience_manager

CVE-2016-0956

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.133 (94.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Adobe Experience_manager — versions 5.6.1, 6.0.0, 6.1.0
Apache Sling
Apple Mac_os_x
Linux Linux_kernel
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability (mailing-list, x_refsource_FULLDISC)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability (mailing-list, x_refsource_BUGTRAQ)
39435 (exploit, x_refsource_EXPLOIT-DB)
psirt@adobe.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-0956?: CVE-2016-0956 is a high-severity vulnerability in Adobe Experience_manager, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-02-10.
How severe is CVE-2016-0956?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2016-0956 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.