Detections
Analytics

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 Multiple Vulnerabilities (APSB16-05)

high Nessus Plugin ID 181454

Language:

Synopsis

The Adobe Experience Manager instance installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Adobe Experience Manager installed on the remote host is either 5.6.1, 6.0.0, or 6.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB16-05 advisory.

 - Adobe Experience Manager version 6.1 is affected by a cross-site scripting vulnerability that could lead to information disclosure. Apply hot fix 8651 to resolve. (CVE-2016-0955)

 - Adobe Experience Manager version 5.6.1, 6.0, or 6.1 is affected by an information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Apply hot fix 6445 to resolve. (CVE-2016-0956)

 - Adobe Experience Manager version 5.6.1, 6.0, or 6.1 is affected by a URL filter bypass vulnerability that could be used to circumvent dispatcher rules. Install Dispatcher 4.1.5 or higher to resolve. (CVE-2016-0957)

 - Adobe Experience Manager version 5.6.1, 6.0, or 6.1 is affected by a Java deserialization issue. Apply hot fix 8364 to resolve. (CVE-2016-0958)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply hot fixes 6445, 8651, 8364 and install Dispatcher 4.1.5 or upgrade to Adobe Experience Manager version 6.2 or later.

See Also

http://www.nessus.org/u?43036e1a

Plugin Details

Severity: High

ID: 181454

File Name: adobe_experience_manager_apsb16-05.nasl

Version: 1.1

Type: combined

Family: Misc.

Published: 9/14/2023

Updated: 9/15/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2016-0958

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:experience_manager

Required KB Items: installed_sw/Adobe Experience Manager

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2016

Vulnerability Publication Date: 2/9/2016

Reference Information

CVE: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958