Security Advisory

CVE-2012-2138

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-09 22:00:00

Last updated 2024-09-16 20:42:21

Assigner redhat

State PUBLISHED

Description

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

← Browse all CVEs View on cve.org ↗