
CVE-2016-0956: Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post

CVSS Score: 7.5 (CVSS version 3.0)

Basic Information

EPSS Score: 0.93814%
Published: 5/14/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: org.apache.sling:org.apache.sling.servlets.post
Ecosystem: maven
Vulnerable Versions: <= 2.3.6
First Patched Version: 2.3.8
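
A dependency check built from the coordinates and version bounds listed above, as an added example rather than code from Miggo or Apache Sling: it flags declarations of the affected artifact in a Maven POM. The sample POM, the function names and the status labels are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and version bounds come from the advisory data on this page.
GROUP, ARTIFACT = "org.apache.sling", "org.apache.sling.servlets.post"
LAST_VULNERABLE, FIRST_PATCHED = (2, 3, 6), (2, 3, 8)

# Constructed sample POM for illustration (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><sling.post.version>2.3.6</sling.post.version></properties>
  <dependencies><dependency>
    <groupId>org.apache.sling</groupId>
    <artifactId>org.apache.sling.servlets.post</artifactId>
    <version>${sling.post.version}</version>
  </dependency></dependencies>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def _text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)

def parse_version(text):
    """Numeric prefix as a tuple; qualifiers such as -SNAPSHOT are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def check_pom(pom_xml):
    """Return [(declared_version, status)] for each use of the affected artifact."""
    root = ET.fromstring(pom_xml)
    # Collect <properties> so ${...} placeholders in <version> can be resolved.
    props = {_local(p.tag): (p.text or "").strip()
             for e in root.iter() if _local(e.tag) == "properties" for p in e}
    findings = []
    for dep in root.iter():
        if (_local(dep.tag) != "dependency"
                or (_text(dep, "groupId"), _text(dep, "artifactId")) != (GROUP, ARTIFACT)):
            continue
        raw = _text(dep, "version") or ""
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        v = parse_version(resolved)
        # "unknown": version inherited from a parent POM or an unresolved property.
        # "unlisted": between the last vulnerable and first patched versions.
        status = ("unknown" if v is None else "vulnerable" if v <= LAST_VULNERABLE
                  else "patched" if v >= FIRST_PATCHED else "unlisted")
        findings.append((resolved, status))
    return findings
```

A status of "unknown" means the version has to be resolved from the effective POM before the declaration can be cleared.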

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper error handling in POST request processing for delete operations. Key functions identified:

  1. SlingPostServlet.handleOperation - Directly processes the vulnerable :operation parameter
  2. SlingPostServlet.handleDelete - Implements the specific vulnerable delete logic
  3. AbstractPostOperation.run - Base class where operation execution and session commits occur

Exploit analysis shows these functions would appear in stack traces when processing malicious delete requests with :applyTo parameters, as they handle the operation dispatch, path resolution, and session management that leads to information disclosure through uncaught exceptions.


The Servlets Post component *.*.* in Apache Sling, as used in Adobe Experience Manager *.*.*, *.*.*, and *.*.*, allows remote attackers to obtain sensitive information via unspecified vectors.
