Search criteria
16 vulnerabilities found for sling by apache
VAR-201602-0318
Vulnerability from variot - Updated: 2023-12-18 13:53The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Apache Sling is an open source web framework for the Java platform developed by the Apache Software Foundation. The framework can create content-oriented applications on JCR Content Repository (Java Content Repository). Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. Servlets Post is one of those containers. A remote attacker could exploit this vulnerability to obtain sensitive information. The following versions are affected: AEM Version 5.6.1, Version 6.0.0, Version 6.1.0, Servlets Post Version 2.3.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "experience manager",
"scope": "eq",
"trust": 1.0,
"vendor": "adobe",
"version": "6.1.0"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 1.0,
"vendor": "adobe",
"version": "6.0.0"
},
{
"model": "sling",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "*"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 1.0,
"vendor": "adobe",
"version": "5.6.1"
},
{
"model": "sling servlets post",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.3.6"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "5.6.1 (windows/unix/linux/os x)"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "6.0.0 (windows/unix/linux/os x)"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "6.1.0 (windows/unix/linux/os x)"
},
{
"model": "sling",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:5.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0956"
}
]
},
"cve": "CVE-2016-0956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0956",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-88466",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-0956",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-219",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88466",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0956",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Apache Sling is an open source web framework for the Java platform developed by the Apache Software Foundation. The framework can create content-oriented applications on JCR Content Repository (Java Content Repository). Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. Servlets Post is one of those containers. A remote attacker could exploit this vulnerability to obtain sensitive information. The following versions are affected: AEM Version 5.6.1, Version 6.0.0, Version 6.1.0, Servlets Post Version 2.3.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88466",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39435",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0956",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "135720",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "39435",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88466",
"trust": 0.1
},
{
"db": "BID",
"id": "83119",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0956",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"id": "VAR-201602-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:12.432000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-05",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"title": "APSB16-05",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html"
},
{
"title": "Downloads",
"trust": 0.8,
"url": "https://sling.apache.org/downloads.cgi"
},
{
"title": "Adobe Experience Manager Apache Sling Servlets Post Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60161"
},
{
"title": "Twitter-Seclists",
"trust": 0.1,
"url": "https://github.com/securibee/twitter-seclists "
},
{
"title": "aemscan_edit",
"trust": 0.1,
"url": "https://github.com/andyacer/aemscan_edit "
},
{
"title": "AEMVS",
"trust": 0.1,
"url": "https://github.com/theripperjhon/aemvs "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/cve-study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2016/feb/48"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/135720/apache-sling-framework-2.3.6-information-disclosure.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0956"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0956"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/securibee/twitter-seclists"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83119"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88466"
},
{
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88466"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"date": "2016-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"date": "2016-02-10T20:59:08.623000",
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-88466"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0956"
},
{
"date": "2016-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001449"
},
{
"date": "2018-10-09T19:58:57.880000",
"db": "NVD",
"id": "CVE-2016-0956"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Experience Manager Used in Apache Sling of Servlets Post Vulnerabilities that can capture important information in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-219"
}
],
"trust": 0.6
}
}
FKIE_CVE-2022-45064
Vulnerability from fkie_nvd - Published: 2023-04-13 11:15 - Updated: 2025-06-13 17:55
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.
Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/04/18/6 | Mailing List | |
| security@apache.org | https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/04/18/6 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | apache_sling_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apache_sling_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F89F26B7-0485-4677-A00E-3A6B6B7D67AA",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SlingRequestDispatcher doesn\u0027t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\n\n\n\n\nPlease update to Apache Sling Engine \u003e= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\n\n\n\n\n"
}
],
"id": "CVE-2022-45064",
"lastModified": "2025-06-13T17:55:57.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-13T11:15:06.737",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2016-6798
Vulnerability from fkie_nvd - Published: 2017-07-19 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A62F4D-F969-446E-8A2B-BD817101880F",
"versionEndIncluding": "1.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application."
},
{
"lang": "es",
"value": "En el m\u00f3dulo de la API de protecci\u00f3n XSS anterior a la versi\u00f3n 1.0.12 en Apache Sling, el m\u00e9todo XSS.getValidXML() utiliza un analizador SAX no seguro para comprobar la cadena de entrada, lo que permite ataques de tipo XXE en todos los scripts que utilizan este m\u00e9todo para comprobar la entrada del usuario, potencialmente permitiendo a un atacante leer datos confidenciales en el sistema de archivos, realizar ataques de tipo same-site-request-forgery (SSRF), escanear puertos detr\u00e1s del firewall o realizar una DoS de la aplicaci\u00f3n."
}
],
"id": "CVE-2016-6798",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-19T15:29:00.213",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99873"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5394
Vulnerability from fkie_nvd - Published: 2017-07-19 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30A33DA-DCDA-4ADB-B0E7-CDFFE84171E7",
"versionEndExcluding": "1.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities."
},
{
"lang": "es",
"value": "En el m\u00f3dulo de la API de protecci\u00f3n XSS anterior a la versi\u00f3n 1.0.12 en Apache Sling, la codificaci\u00f3n hecha por el m\u00e9todo de la funci\u00f3n XSSAPI.encodeForJSString() no es lo suficientemente restrictiva y, para algunos patrones de entrada, permite que etiquetas de script pueden pasar sin codificar, conllevando a potenciales vulnerabilidades de tipo XSS."
}
],
"id": "CVE-2016-5394",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-19T15:29:00.180",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99870"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0956
Vulnerability from fkie_nvd - Published: 2016-02-10 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | sling | * | |
| adobe | experience_manager | 5.6.1 | |
| adobe | experience_manager | 6.0.0 | |
| adobe | experience_manager | 6.1.0 | |
| apple | mac_os_x | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5259B4-EB04-4093-9C5B-C52ED92F23E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3235CB90-42C5-4280-8F1E-44D081842CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0791D620-1EE8-44C8-92D7-3790B546C62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8996F27-91F0-42ED-963A-D46C91EC5ECF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "El componente Servlets Post 2.3.6 en Apache Sling, como se utiliza en Adobe Experience Manager 5.6.1, 6.0.0 y 6.1.0, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0956",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-10T20:59:08.623",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
},
{
"source": "psirt@adobe.com",
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"source": "psirt@adobe.com",
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/39435/"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4390
Vulnerability from fkie_nvd - Published: 2013-10-24 03:48 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | sling | * | |
| apache | sling_auth_core_component | * | |
| apache | sling_auth_core_component | 1.0.2 | |
| apache | sling_auth_core_component | 1.0.4 | |
| apache | sling_auth_core_component | 1.0.6 | |
| apache | sling_auth_core_component | 1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5259B4-EB04-4093-9C5B-C52ED92F23E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:sling_auth_core_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F83A97B0-C0AF-4C61-8DE3-65418747CD8D",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:sling_auth_core_component:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A9C73E-8307-4371-A3EA-8A014B8E15E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:sling_auth_core_component:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCE7511-8964-4B8A-866F-3762A00AD5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:sling_auth_core_component:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "749C4AEC-C831-4D4F-9169-6E45A672502A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:sling_auth_core_component:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D9ED9C-661B-4C72-98EE-F7D7DD905A35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to \"a custom login form and XSS.\""
},
{
"lang": "es",
"value": "Vulnerabilidad en el AbstractAuthenticationFormServlet en bloque Auth (org.apache.sling.auth.core) antes de 1.1.4 de Apache Sling permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro recurso , en relaci\u00f3n con \"un formulario de acceso personalizado y XSS.\""
}
],
"id": "CVE-2013-4390",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-24T03:48:48.847",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55249"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/63241"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/SLING-3141"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-45064 (GCVE-0-2022-45064)
Vulnerability from cvelistv5 – Published: 2023-04-13 10:01 – Updated: 2024-10-17 20:31
VLAI?
Title
Apache Sling Engine: Include-based XSS
Summary
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.
Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling Engine |
Affected:
, < 2.14.0
(semver)
|
Credits
Lars Krapf
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sling",
"vendor": "apache",
"versions": [
{
"lessThan": "2.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T20:29:41.550462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T20:31:19.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Sling Engine",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.14.0",
"status": "affected",
"version": " ",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Lars Krapf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe SlingRequestDispatcher doesn\u0027t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003ePlease update to Apache Sling Engine \u0026gt;= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The SlingRequestDispatcher doesn\u0027t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\n\n\n\n\nPlease update to Apache Sling Engine \u003e= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T10:01:14.502Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Sling Engine: Include-based XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-45064",
"datePublished": "2023-04-13T10:01:14.502Z",
"dateReserved": "2022-11-09T09:29:43.945Z",
"dateUpdated": "2024-10-17T20:31:19.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5394 (GCVE-0-2016-5394)
Vulnerability from cvelistv5 – Published: 2017-07-19 15:00 – Updated: 2024-09-16 22:21
VLAI?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling |
Affected:
prior to 1.0.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.0.12"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2016-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Sling",
"version": {
"version_data": [
{
"version_value": "prior to 1.0.12"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525@%3Cdev.sling.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525@%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5394",
"datePublished": "2017-07-19T15:00:00Z",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:21:15.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6798 (GCVE-0-2016-6798)
Vulnerability from cvelistv5 – Published: 2017-07-19 15:00 – Updated: 2024-09-16 16:47
VLAI?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling |
Affected:
prior to 1.0.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.0.12"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2016-6798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Sling",
"version": {
"version_data": [
{
"version_value": "prior to 1.0.12"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0@%3Cdev.sling.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0@%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6798",
"datePublished": "2017-07-19T15:00:00Z",
"dateReserved": "2016-08-12T00:00:00",
"dateUpdated": "2024-09-16T16:47:49.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0956 (GCVE-0-2016-0956)
Vulnerability from cvelistv5 – Published: 2016-02-10 20:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-0956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"name": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-0956",
"datePublished": "2016-02-10T20:00:00",
"dateReserved": "2015-12-22T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4390 (GCVE-0-2013-4390)
Vulnerability from cvelistv5 – Published: 2013-10-24 01:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to \"a custom login form and XSS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to \"a custom login form and XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/SLING-3141",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4390",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:43.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45064 (GCVE-0-2022-45064)
Vulnerability from nvd – Published: 2023-04-13 10:01 – Updated: 2024-10-17 20:31
VLAI?
Title
Apache Sling Engine: Include-based XSS
Summary
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.
Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling Engine |
Affected:
, < 2.14.0
(semver)
|
Credits
Lars Krapf
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sling",
"vendor": "apache",
"versions": [
{
"lessThan": "2.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T20:29:41.550462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T20:31:19.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Sling Engine",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.14.0",
"status": "affected",
"version": " ",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Lars Krapf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe SlingRequestDispatcher doesn\u0027t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003ePlease update to Apache Sling Engine \u0026gt;= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The SlingRequestDispatcher doesn\u0027t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.\n\n\n\n\nPlease update to Apache Sling Engine \u003e= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T10:01:14.502Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Sling Engine: Include-based XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-45064",
"datePublished": "2023-04-13T10:01:14.502Z",
"dateReserved": "2022-11-09T09:29:43.945Z",
"dateUpdated": "2024-10-17T20:31:19.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5394 (GCVE-0-2016-5394)
Vulnerability from nvd – Published: 2017-07-19 15:00 – Updated: 2024-09-16 22:21
VLAI?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling |
Affected:
prior to 1.0.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.0.12"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2016-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Sling",
"version": {
"version_data": [
{
"version_value": "prior to 1.0.12"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525@%3Cdev.sling.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/332166037a54b97cf41e2b616aaed38439de94b19b204841478e4525@%3Cdev.sling.apache.org%3E"
},
{
"name": "99870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5394",
"datePublished": "2017-07-19T15:00:00Z",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:21:15.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6798 (GCVE-0-2016-6798)
Vulnerability from nvd – Published: 2017-07-19 15:00 – Updated: 2024-09-16 16:47
VLAI?
Summary
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling |
Affected:
prior to 1.0.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Sling",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.0.12"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2016-6798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Sling",
"version": {
"version_data": [
{
"version_value": "prior to 1.0.12"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0@%3Cdev.sling.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0@%3Cdev.sling.apache.org%3E"
},
{
"name": "99873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6798",
"datePublished": "2017-07-19T15:00:00Z",
"dateReserved": "2016-08-12T00:00:00",
"dateUpdated": "2024-09-16T16:47:49.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0956 (GCVE-0-2016-0956)
Vulnerability from nvd – Published: 2016-02-10 20:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-0956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/48"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded"
},
{
"name": "39435",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39435/"
},
{
"name": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-0956",
"datePublished": "2016-02-10T20:00:00",
"dateReserved": "2015-12-22T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4390 (GCVE-0-2013-4390)
Vulnerability from nvd – Published: 2013-10-24 01:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to \"a custom login form and XSS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to \"a custom login form and XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/SLING-3141",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-3141"
},
{
"name": "63241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63241"
},
{
"name": "[sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E"
},
{
"name": "55249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4390",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:43.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}