Vulnerability in Apache Org.apache.sling.servlets.post
CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial…
EPSS: 0.386 (97.3th percentile) — read the EPSS interpretation.
Affected products
- Apache Org.apache.sling.servlets.post
- Apache Sling
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- [www-announce] 20120706 [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability (mailing-list, x_refsource_MLIST)