The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2012-07-09 22:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-2138
Mitre link : CVE-2012-2138
CVE.ORG link : CVE-2012-2138
JSON object : View
Products Affected
apache
- org.apache.sling.servlets.post
- sling
CWE
CWE-264
Permissions, Privileges, and Access Controls