CVE-2016-0956
published 2016-02-10CVE-2016-0956: The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive…
PriorityP267high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
46.19%
98.7th percentile
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | experience_manager | — | — |
| adobe | experience_manager | — | — |
| adobe | experience_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandcurl -F":operation=delete" -F":applyTo=/etc/*" https://www.adobedemo.com/content/adobedemolab/welcome-page.html↗
- →Detect HTTP POST requests to any AEM endpoint containing form fields ':operation=delete' and ':applyTo' with a wildcard glob pattern (e.g. /etc/*), which is the exploit trigger for CVE-2016-0956. ↗
- →Look for HTTP 500 responses from AEM/Sling containing the string 'org.apache.sling.api.resource.PersistenceException' and 'ChangeLog' in the response body, which indicates successful exploitation and file/folder enumeration. ↗
- →Monitor for unauthenticated DELETE-operation POST requests to SlingPostServlet endpoints (e.g. *.html) with ':applyTo' parameter containing wildcard paths such as '/etc/*', '/content/*'. ↗
- →The HTML response body will contain a 'ChangeLog' field listing enumerated folder/file names when exploitation is successful — alert on this field appearing in 500-error responses from AEM. ↗
- ·The vulnerability is exploitable only on AEM instances that lack proper security controls or are misconfigured — not all AEM deployments are affected by default. ↗
- ·No actual files are deleted during exploitation; the attack only triggers an exception response that leaks filesystem path information via the ChangeLog field. ↗
- ·The fix is available in Servlets POST 2.3.8; Adobe Hot fix 6445 resolves the issue for AEM deployments still on 2.3.6. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
osv·2022-05-14
CVE-2016-0956 [HIGH] Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
ghsa·2022-05-14
CVE-2016-0956 [HIGH] CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2016/Feb/48http://www.securityfocus.com/archive/1/537498/100/0/threadedhttps://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlhttps://www.exploit-db.com/exploits/39435/http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2016/Feb/48http://www.securityfocus.com/archive/1/537498/100/0/threadedhttps://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlhttps://www.exploit-db.com/exploits/39435/
2016-02-10
Published