Lucene search

K

Apache Sling 2.1.0 Denial Of Service

πŸ—“οΈΒ 10 Jul 2012Β 00:00:00Reported byΒ n/aTypeΒ 
zdt
Β zdt
πŸ”—Β 0day.todayπŸ‘Β 35Β Views

Apache Sling 2.1.0 Denial Of Service vulnerabilit

Show more
Related
Code
ReporterTitlePublishedViews
Family
securityvulns
[SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability
11 Jul 201200:00
–securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
11 Jul 201200:00
–securityvulns
Cvelist
CVE-2012-2138
9 Jul 201222:00
–cvelist
OSV
Apache Sling POST Servlets Denial of Service Vulnerability
17 May 202205:28
–osv
Github Security Blog
Apache Sling POST Servlets Denial of Service Vulnerability
17 May 202205:28
–github
seebug.org
Apache Sling @CopyFromζ‹’η»ζœεŠ‘ζΌζ΄ž
10 Jul 201200:00
–seebug
Prion
Cross site request forgery (csrf)
9 Jul 201222:55
–prion
NVD
CVE-2012-2138
9 Jul 201222:55
–nvd
CVE
CVE-2012-2138
9 Jul 201222:55
–cve
Exploit DB
Apache Sling - Denial of Service
6 Jul 201200:00
–exploitdb
Rows per page
CVE-2012-2138 : Apache Sling denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
org.apache.sling.servlets.post bundle up to 2.1.0

Description:
The @CopyFrom operation of the Sling POST servlet allows for copying a
parent node to one of its descendant nodes, creating an infinite loop
that ultimately results in denial of service, once memory and/or
storage resources are exhausted.

Mitigation:
Users should upgrade to version 2.1.2 of the
org.apache.sling.servlets.post bundle [1], or apply the Sling patch of
revision 1352865 [2].

Example:
curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../"

Credit:
This issue was discovered by IO Active, working for Adobe.

References:
[1] http://sling.apache.org/site/downloads.cgi
[2] http://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517



#  0day.today [2018-04-09]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Jul 2012 00:00Current
7High risk
Vulners AI Score7
EPSS0.003
35
.json
Report