CVE-2013-2254: Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Sling org.apache.sling.servlets.post.bundle version 2.2.0 and 2.3.0 Description: With some combinations of access control settings and request paths, the POST servlet in the Apache Sling org.apache.sling.servlets.post bundle versions 2.2.0 and 2.3.0 can cause infinite loops, potentially leading to denial of service attacks. Mitigation: Users of those bundle versions should update to version 2.3.2 of the bundle (http://sling.apache.org/downloads.cgi)<http://svn.apache.org/viewvc?rev=680950&view=rev> Credit: This issue was reported by Antonio Sanso of Adobe Systems Incorporated. References: http://sling.apache.org/project-information/security.html https://issues.apache.org/jira/browse/SLING-2913 Regards Carsten Ziegeler On Behalf of the Apache Sling Project Management Committee -- Carsten Ziegeler cziegeler@apache.org