content insight servlet

kartheekd203042

12-07-2018

Hi Experts,

Can anyone help me understand the purpose of the below servlet and what it is used for?

http://localhost:4502/libs/cq/contentinsight/proxy/reportingservices.json.GET.servlet.a.23.css

Our team reported a vulnerability: using this servlet, they can perform SSRF attacks and reach the publisher, bypassing the dispatcher.

While restricting it is an immediate measure we have taken, we would like to understand the impact of restricting it at the dispatcher.

Any inputs or links referring to the original documentation would be of great help.

Regards

Kartheek
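
One way to check the web-server logs in front of the dispatcher for requests to the servlet path from the post above, and whether they were denied. This is an added example, not part of the original thread and not Adobe code; the log format, the sample lines, and treating any status below 400 as "allowed" are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Path prefix taken from the URL in the post; the rest is assumed for illustration.
PROXY_PREFIX = "/libs/cq/contentinsight/"

# Apache common/combined log format (assumed for the web server hosting the dispatcher).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2019:10:01:02 +0000] "GET /libs/cq/contentinsight/proxy/reportingservices.json.GET.servlet.a.23.css HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.7 - - [01/Jan/2019:10:05:09 +0000] "GET /libs/cq/contentinsight/proxy/reportingservices.json HTTP/1.1" 404 196 "-" "curl/7.58.0"',
    '198.51.100.4 - - [01/Jan/2019:10:06:00 +0000] "GET /content/site/en.html HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]


def normalize_path(target):
    """Decode and normalize the path part of a request target before matching."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # decode nested percent-escapes, bounded
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Collapse duplicate slashes and dot segments.
    return posixpath.normpath("/" + path.lstrip("/"))


def find_proxy_requests(log_lines):
    """Return one record per logged request that targets the proxy servlet path."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if (path + "/").startswith(PROXY_PREFIX):
            status = int(m["status"])
            # Assumption: a request denied by the filter is answered with a 4xx.
            hits.append({"client": m["client"], "path": path,
                         "status": status, "allowed": status < 400})
    return hits


if __name__ == "__main__":
    for hit in find_proxy_requests(SAMPLE_LOG):
        print(hit)
```

Matching on the normalized path prefix rather than the full URL means the selector and extension tail seen in the post does not affect the result.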

kartheekd203042

03-08-2018

Hi Lisa,

Please let us know if there is any workaround without the SP2 upgrade?