Common security vulnerabilities identified as part of AEM projects | AEM Community Blog Seeding
Common security vulnerabilities identified as part of AEM projects by aemtutorial - AEM_Gure
Abstract
When ever an AEM project goes Live, there are set of scans happens to ensure that the website adheres to set of security & performance guidelines. The security/ penetration tests usually gets scheduled few days ahead of any AEM go live. Below given the set of issues identified as part of AEM websites normally. Horizontal Privilege Escalation Vulnerability Usually by horizontal privilege escalation, hackers remain on the same general user privilege level but gains access data of other accounts or processes that should be unavailable to the current account or process. Host Header Injection Vulnerability Normally a header is used by a web server to decide which website should process the received HTTP request. Whenever many websites are hosted on the same IP address, webserver uses the value of this header to forward the HTTP request to the correct website for processing. This poses as a vulnerability. Email Flooding Attack In general, sending large volumes of email to an email address so that the mail box gets overflowed, overwhelm the server where the email address is hosted in a denial-of-service attack. Thus a wrong impression screen to distract the attention from important email messages indicating a security breach.
Read Full Blog
Common security vulnerabilities identified as part of AEM projects
Q&A
Please use this thread to ask the related questions.
Kautuk Sahni
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
