4 matches found
CVE-2017-9802
The JavaScript method Sling.evalString in Apache Sling Servlets Post before 2.3.22 uses the JavaScript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings...
Apache Sling XSS Protection API XML External Entity Injection Vulnerability
Apache Sling is an open source web framework for the Java platform from the Apache Software Foundation (United States). The framework is used to create content-oriented applications on top of a JCR (Java Content Repository) content repository. The XSS Protection API module is one of the XSS attack...
Apache Sling Framework v2.3.6 - Information Disclosure
Document Title: Apache Sling Framework v2.3.6 - Information Disclosure. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html Vulnerability Magazine...
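Apache Sling @CopyFrom Denial of Service Vulnerability
CVE ID: CVE-2012-2138 Apache Sling is an open source web framework for the Java platform, used to create content-oriented applications on top of a JCR content repository. Apache Sling versions before 2.1.2 have an input validation error when handling the @CopyFrom operation in the Sling POST servlet; a specially crafted HTTP request can exploit it to cause an infinite loop and consume memory and storage resources. 0 Apache Group Sling 2.x Vendor patch: Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://httpd.apache.org/...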