Lucene search

K

Apache Sling 2.1.0 Denial Of Service

πŸ—“οΈΒ 06 Jul 2012Β 00:00:00Reported byΒ IO ActiveTypeΒ 
packetstorm
Β packetstorm
πŸ”—Β packetstormsecurity.comπŸ‘Β 24Β Views

Apache Sling 2.1.0 Denial Of Service CVE-2012-2138 Vulnerabilit

Show more
Related
Code
`CVE-2012-2138 : Apache Sling denial of service vulnerability  
  
Severity: Important  
  
Vendor: The Apache Software Foundation  
  
Versions Affected:  
org.apache.sling.servlets.post bundle up to 2.1.0  
  
Description:  
The @CopyFrom operation of the Sling POST servlet allows for copying a  
parent node to one of its descendant nodes, creating an infinite loop  
that ultimately results in denial of service, once memory and/or  
storage resources are exhausted.  
  
Mitigation:  
Users should upgrade to version 2.1.2 of the  
org.apache.sling.servlets.post bundle [1], or apply the Sling patch of  
revision 1352865 [2].  
  
Example:  
curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../"  
  
Credit:  
This issue was discovered by IO Active, working for Adobe.  
  
References:  
[1] http://sling.apache.org/site/downloads.cgi  
[2] http://svn.apache.org/viewvc?view=revision&revision=1352865  
https://issues.apache.org/jira/browse/SLING-2517  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo