cbcvebase.
CVE-2016-0957
published 2016-02-10

CVE-2016-0957: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass…

PriorityP271high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
50.71%
98.8th percentile
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

Affected

4 ranges
VendorProductVersion rangeFixed in
adobedispatcher<= 4.1.4
adobeexperience_manager
adobeexperience_manager
adobeexperience_manager

Detection & IOCsextracted from sources · hover to see the quote

url{{BaseURL}}/system/console?.css
otherBasic YWRtaW46YWRtaW4K
  • Shodan queries 'http.component:"Adobe Experience Manager"' and 'http.component:"adobe experience manager"' can be used to identify potentially vulnerable internet-facing AEM instances.
  • ·The Authorization header in the probe uses default admin:admin credentials (Base64-encoded). Detection will only succeed against instances with default credentials left unchanged.
  • ·The vulnerability affects Dispatcher before 4.1.5 in Adobe Experience Manager versions 5.6.1, 6.0.0, and 6.1.0 only; later versions are not affected.
  • ·The exact bypass vectors are unspecified in the CVE; the '?.css' suffix trick is one known exploitation path but may not be exhaustive.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.