Test ID: | 1.3.6.1.4.1.25623.1.0.807066 |
Category: | Web application abuses |
Title: | Adobe Experience Manager (AEM) Multiple Vulnerabilities (APSB16-05) - Active Check |
Summary: | Adobe Experience Manager (AEM) is prone to multiple vulnerabilities. |
Description: |
Summary: Adobe Experience Manager (AEM) is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:
- CVE-2016-0955: Cross-site scripting (XSS) vulnerability
- CVE-2016-0956: Information disclosure in the Servlets Post component of Apache Sling as used in AEM
- CVE-2016-0957: Dispatcher as used in AEM does not properly implement a URL filter
- CVE-2016-0958: Unspecified vulnerability related to a crafted serialized Java object

Vulnerability Impact:
- CVE-2016-0955: The flaw allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog
- CVE-2016-0956: Successful exploitation will allow remote unauthenticated users to enumerate local system files/folders that are not accessible publicly to unauthenticated users
- CVE-2016-0957: The flaw allows remote attackers to bypass dispatcher rules via unspecified vectors
- CVE-2016-0958: Unspecified impact

Affected Software/OS:
- CVE-2016-0955: AEM version 6.1.0
- CVE-2016-0956: Apache Sling Framework version 2.3.6 as used in AEM versions 5.6.1, 6.0.0 and 6.1.0
- CVE-2016-0957: Adobe Dispatcher before version 4.1.5 as used in AEM versions 5.6.1, 6.0.0 and 6.1.0
- CVE-2016-0958: AEM versions 5.6.1, 6.0.0 and 6.1.0

Solution: Apply the hotfixes and updates described in the referenced vendor advisory.

CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-0955
- http://www.csnc.ch/misc/files/advisories/CVE-2016-0955_AEM-XSS.txt

Common Vulnerability Exposure (CVE) ID: CVE-2016-0956
- Bugtraq: 20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability
- http://www.securityfocus.com/archive/1/537498/100/0/threaded
- https://www.exploit-db.com/exploits/39435/
- http://seclists.org/fulldisclosure/2016/Feb/48
- http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-0957

Common Vulnerability Exposure (CVE) ID: CVE-2016-0958 |
Copyright | Copyright (C) 2016 Greenbone AG |