Denial of Service Vulnerability in Apache Sling by Apache Software Foundation
CVE-2012-2138

Currently unrated

Key Information:

Vendor

Apache
Status
Org.apache.sling.servlets.post
Vendor
CVE Published:
9 July 2012

What is CVE-2012-2138?

The @CopyFrom operation in the POST servlet of Apache Sling versions prior to 2.1.2 is susceptible to a denial of service vulnerability. This issue arises when the system fails to prevent unauthorized attempts to copy an ancestor node to a descendant node. By sending a specifically crafted HTTP request, an attacker can exploit this vulnerability, triggering an infinite loop within the system that leads to service interruption. It's crucial for users to be aware of this risk and to update to the latest version to mitigate potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://issues.apache.org/jira/browse/SLING-2517
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1352865
x_refsource_CONFIRM
http://mail-archives.apache.org/mod_mbox/www-announce/201...
mailing-listx_refsource_MLIST

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.