Release date: February 9, 2016
Last updated: February 12, 2016
Vulnerability identifier: APSB16-05
CVE number: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958
Platform: Windows, Unix, Linux and OS X
Adobe has released security hot fixes for Adobe Experience Manager. These hot fixes resolve important vulnerabilities that could potentially lead to information disclosure.
|6.1.0||Windows, Unix, Linux and OS X|
|Adobe Experience Manager||6.0.0||Windows, Unix, Linux and OS X|
|5.6.1||Windows, Unix, Linux and OS X|
Please visit the Adobe Experience Manager Help Page for more information on available hot fixes.
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Damian Pfammatter of Compass Security Schweiz AG (CVE-2016-0955)
- Ateeq ur Rehman Khan - Vulnerability Labs (@CyberCrimeNEWS) (CVE-2016-0956)
February 12, 2016:
- Added "and earlier versions" to clarify that CVE-2016-0956 affects Apache Sling Servlets Post 2.3.6 and earlier versions.
- Modified the description of CVE-2016-0955 to clarify that only version 6.1.0 is affected. Versions prior to AEM 6.1.0 are not affected by CVE-2016-0955.
- Reformatted the Vulnerability Details section in a tabular format and included URLs to the download packages for each hotfix.