Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0957 — Adobe Dispatcher vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

93.2%

top 0.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Dispatcher Adobe Experience Manager

Timeline

PublishedFeb 10

Latest updateMay 17

Description

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDadobe/dispatcher4.1.4

▶NVDadobe/experience_manager5.6.1, 6.0.0, 6.1.0+2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-pw75-rg34-vpr4: Dispatcher before 4↗2022-05-17

▶

💥Exploits & PoCs

Nuclei

Adobe AEM Dispatcher <4.15 - Rules Bypass

▶