Org Apache Sling Servlets Post
CVE-2012-2138
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1Blast Radius
ecosystem impact- 6 maven packages depend on org.apache.sling:org.apache.sling.servlets.post (6 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.1.2.
DescriptionCVE.org
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
AnalysisAI
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.
Technical ContextAI
This vulnerability is classified under CWE-264. The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. Affected products include: Apache Org.Apache.Sling.Servlets.Post. Version information: before 2.1.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today