Arbitrary File Import Vulnerability in Apache Sling JCR ContentLoader
CVE-2012-3353

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Sling
Vendor: CVE Published:; 9 January 2018

What is CVE-2012-3353?

The Apache Sling JCR ContentLoader version 2.1.4 has a vulnerability that permits the import of arbitrary files into the content repository. This weakness can lead to significant information leaks as it exposes local files and sensitive data to unauthorized access. Users are advised to upgrade to version 2.1.6 to mitigate this issue and enhance their security posture.

Affected Version(s)

Apache Sling JCR ContentLoader 2.1.4

References

https://lists.apache.org/thread.html/50994d80dd5cf93f1365...

mailing-listx_refsource_MLIST

https://issues.apache.org/jira/browse/SLING-2512

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2018
Vulnerability Reserved
Jun 14, 2012