Release date: February 9, 2016
Last updated: February 12, 2016
Vulnerability identifier: APSB16-05
Priority: 2
CVE number: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958
Platform: Windows, Unix, Linux and OS X
Adobe has released security hot fixes for Adobe Experience Manager. These hot fixes resolve important vulnerabilities that could potentially lead to information disclosure.
Product | Affected Versions | Platform |
---|---|---|
6.1.0 | Windows, Unix, Linux and OS X | |
Adobe Experience Manager | 6.0.0 | Windows, Unix, Linux and OS X |
5.6.1 | Windows, Unix, Linux and OS X |
Please visit the Adobe Experience Manager Help Page for more information on available hot fixes.
Description | CVE | Download Package |
---|---|---|
|
CVE-2016-0958 |
|
|
CVE-2016-0955 |
|
|
CVE-2016-0956 |
|
|
CVE-2016-0957 | Dispatcher |
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Damian Pfammatter of Compass Security Schweiz AG (CVE-2016-0955)
- Ateeq ur Rehman Khan - Vulnerability Labs (@CyberCrimeNEWS) (CVE-2016-0956)
February 12, 2016:
- Added "and earlier versions" to clarify that CVE-2016-0956 affects Apache Sling Servlets Post 2.3.6 and earlier versions.
- Modified the description of CVE-2016-0955 to clarify that only version 6.1.0 is affected. Versions prior to AEM 6.1.0 are not affected by CVE-2016-0955.
- Reformatted the Vulnerability Details section in a tabular format and included URLs to the download packages for each hotfix.