Apache Sling 2.1.0 Denial Of Service vulnerabilit
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
securityvulns | [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability | 11 Jul 201200:00 | β | securityvulns |
securityvulns | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 11 Jul 201200:00 | β | securityvulns |
Cvelist | CVE-2012-2138 | 9 Jul 201222:00 | β | cvelist |
OSV | Apache Sling POST Servlets Denial of Service Vulnerability | 17 May 202205:28 | β | osv |
Github Security Blog | Apache Sling POST Servlets Denial of Service Vulnerability | 17 May 202205:28 | β | github |
seebug.org | Apache Sling @CopyFromζη»ζε‘ζΌζ΄ | 10 Jul 201200:00 | β | seebug |
Prion | Cross site request forgery (csrf) | 9 Jul 201222:55 | β | prion |
NVD | CVE-2012-2138 | 9 Jul 201222:55 | β | nvd |
CVE | CVE-2012-2138 | 9 Jul 201222:55 | β | cve |
Exploit DB | Apache Sling - Denial of Service | 6 Jul 201200:00 | β | exploitdb |
CVE-2012-2138 : Apache Sling denial of service vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
org.apache.sling.servlets.post bundle up to 2.1.0
Description:
The @CopyFrom operation of the Sling POST servlet allows for copying a
parent node to one of its descendant nodes, creating an infinite loop
that ultimately results in denial of service, once memory and/or
storage resources are exhausted.
Mitigation:
Users should upgrade to version 2.1.2 of the
org.apache.sling.servlets.post bundle [1], or apply the Sling patch of
revision 1352865 [2].
Example:
curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../"
Credit:
This issue was discovered by IO Active, working for Adobe.
References:
[1] http://sling.apache.org/site/downloads.cgi
[2] http://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517
# 0day.today [2018-04-09] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo