Lucene search
4 matches found

RedhatCVE
added 2025/05/22 12:57 a.m., 12 views

CVE-2012-2138

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request...

CVSS 5 | AI score 6.7 | EPSS 0.38624
Exploits 3 | References 1
vulnersOsv
added 2022/05/17 5:28 a.m., 2 views

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2012-2138 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2012-2138 Source advisory: OSV:GHSA-342C-F869-5M44...

CVSS 5 | AI score 5.8 | EPSS 0.38624
Exploits 3
seebug.org
added 2012/07/10 12:0 a.m., 34 views

Apache Sling @CopyFrom Denial-of-Service Vulnerability

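CVE ID: CVE-2012-2138 Apache Sling is an open-source web framework on the Java platform for building content-oriented applications on top of a JCR content repository. Versions of Apache Sling before 2.1.2 have an input validation error when handling the @CopyFrom operation in the Sling POST servlet; a specially crafted HTTP request can exploit it to cause an infinite loop and consume memory and storage resources. 0 Apache Group Sling 2.x Vendor patch: Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://httpd.apache.org/...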

CVSS 5 | AI score 6.4 | EPSS 0.38624
Exploits 3
CVE
added 2012/07/09 10:0 p.m., 47 views

CVE-2012-2138

The vulnerability CVE-2012-2138 affects the Apache Sling project, specifically the org.apache.sling.servlets.post bundle before version 2.1.2. The @CopyFrom operation in the Sling POST servlet fails to prevent copying an ancestor node to a descendant, enabling remote attackers to trigger a denial...

CVSS 5 | AI score 6.5 | EPSS 0.38624
Exploits 3 | References 3 | Affected Software 1