VAR-201602-0319
Vulnerability from variot - Updated: 2023-12-18 12:51Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. Dispatcher is one of the tools that keeps AEM cached or load balanced. There is a security vulnerability in AE M's Dispatcher, which is caused by the program not implementing the URL filter correctly. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0, Dispatcher versions prior to 4.1.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "experience manager",
"scope": "eq",
"trust": 1.6,
"vendor": "adobe",
"version": "6.0.0"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 1.6,
"vendor": "adobe",
"version": "5.6.1"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 1.6,
"vendor": "adobe",
"version": "6.1.0"
},
{
"model": "dispatcher",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "4.1.4"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "5.6.1 (windows/unix/linux/os x)"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "6.0.0 (windows/unix/linux/os x)"
},
{
"model": "experience manager",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "6.1.0 (windows/unix/linux/os x)"
},
{
"model": "dispatcher",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "4.1.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:dispatcher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:experience_manager:5.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0957"
}
]
},
"cve": "CVE-2016-0957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-0957",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-88467",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-0957",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-220",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88467",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0957",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88467"
},
{
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. Dispatcher is one of the tools that keeps AEM cached or load balanced. There is a security vulnerability in AE M\u0027s Dispatcher, which is caused by the program not implementing the URL filter correctly. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0, Dispatcher versions prior to 4.1.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "VULHUB",
"id": "VHN-88467"
},
{
"db": "VULMON",
"id": "CVE-2016-0957"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0957",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88467",
"trust": 0.1
},
{
"db": "BID",
"id": "83123",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0957",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88467"
},
{
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"id": "VAR-201602-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88467"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:33.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-05",
"trust": 0.8,
"url": "http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"title": "APSB16-05",
"trust": 0.8,
"url": "http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html"
},
{
"title": "Adobe Experience Manager Dispatcher Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60162"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/cve-study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0957"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0957"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83123"
},
{
"trust": 0.1,
"url": "https://github.com/thdusdl1219/cve-study"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88467"
},
{
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88467"
},
{
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88467"
},
{
"date": "2016-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"date": "2016-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"date": "2016-02-10T20:59:09.967000",
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-88467"
},
{
"date": "2016-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0957"
},
{
"date": "2016-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001468"
},
{
"date": "2016-02-25T19:44:38.713000",
"db": "NVD",
"id": "CVE-2016-0957"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Experience Manager of Dispatcher Vulnerability in which dispatcher rules could be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-220"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…