id: aem-acs-common info: name: Adobe AEM ACS Common Exposure author: dhiyaneshDk severity: medium description: Adobe AEM ACS Common pages exposed. reference: - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt metadata: max-request: 4 shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" product: acs_aem_commons vendor: adobe tags: misconfig,aem,adobe classification: cpe: cpe:2.3:a:adobe:acs_aem_commons:*:*:*:*:*:*:*:* http: - method: GET path: - "{{BaseURL}}/etc/acs-commons/jcr-compare.html" - "{{BaseURL}}/etc/acs-commons/workflow-remover.html" - "{{BaseURL}}/etc/acs-commons/version-compare.html" - "{{BaseURL}}/etc/acs-commons/oak-index-manager.html" stop-at-first-match: true matchers: - type: word part: body words: - 'Version Compare | ACS AEM Commons' - 'Oak Index Manager | ACS AEM Commons' - 'JCR Compare | ACS AEM Commons' - 'Workflow Remover | ACS AEM Commons' condition: or # digest: 490a00463044022000b0ff7eef39f80727143517276c8c058d1ac932e761c6f97b8b655df992c1b00220288ff39cd43ef4a8660eaeef3dd133a1fc4c1bb204d708ca8d97ac0d260a47e1:922c64590222798bb761d5b6d8e72950