CVE-2016-0956
35Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 46%
from disclosure to weapon0 days
Published on NVDFeb 10
1st PoCFeb 10
exploitation probability
46%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39435/unverifiedexploitdbwww.exploit-db.com/exploits/39435unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2016/Feb/48https://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlhttps://www.exploit-db.com/exploits/39435/http://www.securityfocus.com/archive/1/537498/100/0/threaded