6 matches found
CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...
CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...
Cross site request forgery (csrf)
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...
CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...
CVE-2012-2138
The vulnerability CVE-2012-2138 affects the Apache Sling project, specifically the org.apache.sling.servlets.post bundle before version 2.1.2. The @CopyFrom operation in the Sling POST servlet fails to prevent copying an ancestor node to a descendant, enabling remote attackers to trigger a denial...
Apache Sling 2.1.0 Denial Of Service
CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of it...