By kannthu
The "AEM BG-Servlets" module is a test case designed to detect misconfigurations or vulnerabilities in Adobe Experience Manager (AEM) web applications. It focuses on the BG-Servlets component of AEM. The severity of the module is informative, meaning it provides valuable insights but does not indicate a critical security issue. The original author of this module is DhiyaneshDk.
This module aims to identify potential security weaknesses or misconfigurations in the AEM BG-Servlets component. By detecting these issues, it helps organizations ensure the proper configuration and security of their AEM web applications.
The "AEM BG-Servlets" module utilizes HTTP request templates and matching conditions to perform its tests. It sends a GET request to the path "/system/bgservlets/test.css" and applies two matching conditions:
- Status: The response status code must be 200.
- Word: The response body must contain the phrase "<br/>Flushing output<br/>".

If both conditions are met, the module considers the test successful, indicating a potential misconfiguration or vulnerability in the AEM BG-Servlets component.
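A defender-side companion to the check described above, added here as an example and not part of the module or of Vidoc's code: it reviews web access logs for requests under `/system/bgservlets/` and reports which of them were answered with status 200. The Apache combined log format, the name `bgservlet_hits` and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed input: Apache "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
BG_PREFIX = "/system/bgservlets/"  # path family the module requests


def bgservlet_hits(lines):
    """Return one record per logged request under the BG-Servlets path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format
        # Normalise: drop the query string, decode percent-encoding.
        path = unquote(urlsplit(m["target"]).path)
        if not path.lower().startswith(BG_PREFIX):
            continue
        status = int(m["status"])
        hits.append({
            "client": m["client"],
            "time": m["time"],
            "path": path,
            "status": status,
            # 200 is the module's first matching condition.
            "served": status == 200,
        })
    return hits


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /system/bgservlets/test.css HTTP/1.1" 200 412 "-" "scanner"',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /content/site/en.html HTTP/1.1" 200 9120 "-" "scanner"',
    '198.51.100.4 - - [12/Mar/2024:11:15:40 +0000] "GET /system/bgservlets/test.css HTTP/1.1" 404 196 "-" "curl"',
    '198.51.100.9 - - [12/Mar/2024:11:20:00 +0000] "GET /system/bgservlets/test.css?x=1 HTTP/1.1" 200 412 "-" "curl"',
]

if __name__ == "__main__":
    for hit in bgservlet_hits(SAMPLE_LOG):
        state = "served, review access to this path" if hit["served"] else "not served"
        print(hit["time"], hit["client"], hit["path"], hit["status"], state)
```

Access logs record the status code but not the response body, so a `served` entry confirms only the module's first condition; the "Flushing output" phrase has to be confirmed against the response itself.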
Reference:
- https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
Metadata:
shodan-query: http.component:"Adobe Experience Manager"