content insight servlet

kartheekd203042

12-07-2018

Hi Experts,

Can anyone help me understand the purpose of the below servlet and what it is used for?

http://localhost:4502/libs/cq/contentinsight/proxy/reportingservices.json.GET.servlet.a.23.css

Our team reported a vulnerability: using this servlet, they can perform SSRF attacks and reach the publisher, bypassing the dispatcher.

Restricting it is an immediate measure we have taken, but we would like to understand the impact of restricting it at the dispatcher.

Any inputs or links referring to the original documentation would be of great help.

Regards

Kartheek

kartheekd203042

01-08-2018

Thanks.

Can you please share the appropriate hotfix/patch package for AEM version 6.3.1.2?