By kannthu
The "Invalidate / Flush Cached Pages on AEM" module is designed to detect misconfigurations or vulnerabilities related to the caching mechanism in Adobe Experience Manager (AEM). AEM is a content management system that allows users to create, manage, and deliver digital experiences across various channels.
This module has a low severity level, indicating that the potential impact of the detected issue is relatively minor.
This module was authored by hetroublemakr.
If misconfigurations or vulnerabilities are found in the caching mechanism of AEM, it could lead to issues such as outdated or incorrect content being served to users, impacting the overall user experience and potentially exposing sensitive information.
The "Invalidate / Flush Cached Pages on AEM" module sends an HTTP GET request to the "/dispatcher/invalidate.cache" endpoint with specific headers related to the AEM content path. It then applies matching conditions to determine if the response indicates a successful cache invalidation.
Matching conditions:
- The response body must contain the HTML tag "<H1>OK</H1>"
- The response status code must be 200
If both conditions are met, the module considers the cache invalidation successful.
Example HTTP request:
GET /dispatcher/invalidate.cache
Headers:
CQ-Path: /content
CQ-Handle: /content
Note: The above example is a simplified representation of the HTTP request and headers used by the module.
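As an added example (not part of the Vidoc module or the original page), the following Python function looks for the same request from the defender's side: it scans web server access logs for hits on /dispatcher/invalidate.cache that come from outside the networks expected to flush the cache. The log lines, the allowlisted network 10.0.5.0/24 and the function name are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in Apache combined log format (not from the page).
SAMPLE_LOG = """\
10.0.5.20 - - [12/Mar/2024:10:01:11 +0000] "GET /dispatcher/invalidate.cache HTTP/1.1" 200 13 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:02:40 +0000] "GET /dispatcher/invalidate.cache HTTP/1.1" 200 13 "-" "-"
198.51.100.9 - - [12/Mar/2024:10:03:02 +0000] "GET /dispatcher/invalidate.cache HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:03:15 +0000] "GET /content/site/en.html HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [12/Mar/2024:10:04:00 +0000] "POST /dispatcher/invalidate.cache?x=1 HTTP/1.1" 200 13 "-" "-"
"""

FLUSH_PATH = "/dispatcher/invalidate.cache"  # endpoint named on the page
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_unexpected_flushes(log_text, allowed_networks):
    """List flush requests whose source is outside allowed_networks (CIDR strings)."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        if m["target"].split("?", 1)[0] != FLUSH_PATH:
            continue  # query string ignored, path must match exactly
        try:
            if any(ipaddress.ip_address(m["ip"]) in net for net in nets):
                continue  # expected flush agent
        except ValueError:
            pass  # hostname logged: cannot be allowlisted by CIDR, so report it
        status = int(m["status"])
        # Access logs carry no body, so status 200 stands in for the
        # module's "200 plus <H1>OK</H1>" success condition.
        findings.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": status, "accepted": status == 200})
    return findings


if __name__ == "__main__":
    # Assumption: 10.0.5.0/24 is where the AEM instances allowed to flush live.
    for finding in find_unexpected_flushes(SAMPLE_LOG, ["10.0.5.0/24"]):
        print(finding)
```

Findings with "accepted" set to True are the ones that correspond to the module's success condition; the others show the request being attempted but refused.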
For more information, you can refer to the reference tweet by AEMSecurity.
Metadata: shodan-query: http.component:"Adobe Experience Manager"