Apache Sling 2.1.0 Denial Of Service

2012.07.07
Credit: IO Active
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted. Mitigation: Users should upgrade to version 2.1.2 of the org.apache.sling.servlets.post bundle [1], or apply the Sling patch of revision 1352865 [2]. Example: curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../" Credit: This issue was discovered by IO Active, working for Adobe. References: [1] http://sling.apache.org/site/downloads.cgi [2] http://svn.apache.org/viewvc?view=revision&revision=1352865 https://issues.apache.org/jira/browse/SLING-2517

References:

http://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top