Vulnerabilities

CVE-2012-2138

by Fred · 09/07/2012

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

Date published : 2012-07-09

http://svn.apache.org/viewvc?view=revision&revision=1352865

https://issues.apache.org/jira/browse/SLING-2517

Similar

Tags: Cybersecurity Alert