According to the security bulletin[1] released 02/09/2016, hot fix 6445 for CVE-2016-0956 resolves the vulnerability "affecting Apache Sling Servlets Post 2.3.6 and earlier versions." But the hotfix for AEM 5.6.1 provides version 2.3.2-R1501241-B002. Is this bundle still vulnerable, as the wording of the bulletin seems to suggest?
The bundle filename is: org.apache.sling.servlets.post-2.3.2-R1501241-B002.jar
Thanks.
[1] https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
Solved! Go to Solution.
Views
Replies
Total Likes
All I can say is 2.3.2-R1501241-B002 is right one for 5.6.1 & you will be safe from threat. Agree description needs to tweaked per aem version please file a separate ticket.
Views
Replies
Total Likes
All I can say is 2.3.2-R1501241-B002 is right one for 5.6.1 & you will be safe from threat. Agree description needs to tweaked per aem version please file a separate ticket.
Views
Replies
Total Likes