var-201602-0319
Vulnerability from variot

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. Dispatcher is one of the tools that keeps AEM cached or load balanced. There is a security vulnerability in AE M's Dispatcher, which is caused by the program not implementing the URL filter correctly. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0, Dispatcher versions prior to 4.1.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adobe",
        "version": "6.0.0"
      },
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adobe",
        "version": "5.6.1"
      },
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adobe",
        "version": "6.1.0"
      },
      {
        "model": "dispatcher",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "4.1.4"
      },
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "5.6.1 (windows/unix/linux/os x)"
      },
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "6.0.0 (windows/unix/linux/os x)"
      },
      {
        "model": "experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "6.1.0 (windows/unix/linux/os x)"
      },
      {
        "model": "dispatcher",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "4.1.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:dispatcher:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:5.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      }
    ]
  },
  "cve": "CVE-2016-0957",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-0957",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-88467",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-0957",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-220",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-88467",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-0957",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. Dispatcher is one of the tools that keeps AEM cached or load balanced. There is a security vulnerability in AE M\u0027s Dispatcher, which is caused by the program not implementing the URL filter correctly. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0, Dispatcher versions prior to 4.1.5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-0957",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-88467",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "83123",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "id": "VAR-201602-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:51:33.702000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB16-05",
        "trust": 0.8,
        "url": "http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
      },
      {
        "title": "APSB16-05",
        "trust": 0.8,
        "url": "http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html"
      },
      {
        "title": "Adobe Experience Manager Dispatcher Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60162"
      },
      {
        "title": "CVE-Study",
        "trust": 0.1,
        "url": "https://github.com/thdusdl1219/cve-study "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0957"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0957"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/83123"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/thdusdl1219/cve-study"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "date": "2016-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "date": "2016-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "date": "2016-02-10T20:59:09.967000",
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88467"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-0957"
      },
      {
        "date": "2016-02-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      },
      {
        "date": "2016-02-25T19:44:38.713000",
        "db": "NVD",
        "id": "CVE-2016-0957"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adobe Experience Manager of  Dispatcher Vulnerability in which dispatcher rules could be bypassed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001468"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-220"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.