Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "AEM DefaultGetServlet" module detects exposure of the DefaultGetServlet in Adobe Experience Manager (AEM) web applications. The DefaultGetServlet is the Apache Sling servlet that AEM falls back to for GET requests that no more specific script or servlet handles; depending on the request's selectors and extension (for example `.json`), it renders the underlying JCR content, including node properties, directly to the client.
The module is rated low severity: a positive result shows that repository content and metadata are readable over HTTP, which is an information disclosure rather than a direct compromise of the application.
This module was authored by DhiyaneshDk.
The module's goal is to determine whether the DefaultGetServlet exposes repository content to unauthenticated clients. When the servlet is left reachable and the `.json` rendering is not blocked in front of the instance, anonymous users can read JCR node properties (such as `jcr:createdBy`) for any path readable by the anonymous user, which puts the confidentiality of the application at risk.
The module sends a series of HTTP GET requests to paths within the AEM application and applies matching conditions to each response to decide whether it indicates a misconfiguration.
One of the requests is a GET to the path "/etc.json". The response is considered a match when the status code is 200 and the response body contains the word "jcr:createdBy": a body carrying that property name means the DefaultGetServlet rendered JCR node properties of `/etc` as JSON rather than returning an error page or a Dispatcher block.
The matching conditions are therefore a status-code check combined with a case-sensitive word search in the response body, and both must hold for the module to report a finding. Requiring both reduces false positives from generic 200 responses (such as a catch-all landing page) that do not contain repository metadata; a 403 or 404 for the `.json` request means the check does not fire.
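As an added example (not the Vidoc module's or the nuclei template's own code), the following Python script re-implements the check described above: it requests `/etc.json` and applies the two matchers, status 200 and the word `jcr:createdBy`. The sample response bodies, the hostname `example.invalid` and the `User-Agent` string are constructed for offline use and are not taken from any real host.

```python
"""Hypothetical re-implementation of the "AEM DefaultGetServlet" check.

Added example, not the Vidoc module or the nuclei template itself. It
reproduces the matching logic the page describes: GET /etc.json must
return HTTP 200 and a body containing the word "jcr:createdBy".
"""
import json
import ssl
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# Path and matchers exactly as described on the page.
PROBE_PATH = "/etc.json"
MATCH_STATUS = 200
MATCH_WORDS = ("jcr:createdBy",)


@dataclass
class Finding:
    url: str
    matched: bool
    status: int
    evidence: str  # short excerpt of the body around the first matched word


def matches(status: int, body: str) -> bool:
    """Nuclei-style AND matcher: status must equal 200 and every word must
    appear in the body. The word search is case-sensitive, like the default
    nuclei word matcher."""
    return status == MATCH_STATUS and all(w in body for w in MATCH_WORDS)


def excerpt(body: str, word: str, width: int = 40) -> str:
    """Return the body text surrounding the first occurrence of word."""
    i = body.find(word)
    if i < 0:
        return ""
    return body[max(0, i - width): i + len(word) + width]


def evaluate(url: str, status: int, body: str) -> Finding:
    """Apply the matchers to an already-received response."""
    return Finding(url, matches(status, body), status, excerpt(body, MATCH_WORDS[0]))


def probe(base_url: str, timeout: float = 10.0) -> Finding:
    """Send the GET request to <base_url>/etc.json and evaluate the reply.
    TLS verification is left on; non-2xx replies are evaluated too."""
    url = base_url.rstrip("/") + PROBE_PATH
    # Constructed User-Agent, not the one used by the real module.
    req = urllib.request.Request(url, headers={"User-Agent": "aem-defaultgetservlet-check/0.1"})
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return evaluate(url, resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return evaluate(url, e.code, e.read().decode("utf-8", "replace"))


# Constructed sample bodies for offline use (not captured from a real host).
# EXPOSED_BODY mimics what the DefaultGetServlet returns for /etc.json.
EXPOSED_BODY = json.dumps({
    "jcr:primaryType": "sling:Folder",
    "jcr:createdBy": "admin",
    "jcr:created": "Mon Jan 01 2024 00:00:00 GMT+0000",
})
# HARDENED_BODY mimics a Dispatcher or error page with no repository metadata.
HARDENED_BODY = "<html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    # Usage: python aem_default_get_servlet.py https://target.example
    # Without an argument the script evaluates the constructed sample offline.
    if len(sys.argv) > 1:
        f = probe(sys.argv[1])
    else:
        f = evaluate("https://example.invalid" + PROBE_PATH, 200, EXPOSED_BODY)
    tag = "[+] MATCH" if f.matched else "[-] no match"
    print(f"{tag} {f.url} status={f.status} evidence={f.evidence!r}")
```

Both matchers have to hold: a 200 page that happens not to contain `jcr:createdBy`, or a body that contains the word but arrives with a 403 or 404, is not reported, which mirrors how the module avoids flagging generic responses.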
For more information, you can refer to the following resources:
- Speakerdeck - Hunting for Security Bugs in AEM Webapps
- GitHub - Burp AEM Scanner