CVE-2012-2138

Currently unrated

Key Information:

Vendor: Apache
Status: Org.apache.sling.servlets.post
Vendor: CVE Published:; 9 July 2012

Summary

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

References

https://issues.apache.org/jira/browse/SLING-2517

x_refsource_CONFIRM

http://svn.apache.org/viewvc?view=revision&revision=1352865

x_refsource_CONFIRM

http://mail-archives.apache.org/mod_mbox/www-announce/201...

mailing-listx_refsource_MLIST

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 9, 2012