CVE-2012-2138
published 2012-07-09
Priority P4, 30, medium, 5 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 14.12% (96.1th percentile)
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | org.apache.sling.servlets.post | <= 2.1.0 | — |
OSV
Apache Sling POST Servlets Denial of Service Vulnerability
osv·2022-05-17
CVE-2012-2138 [MEDIUM] Apache Sling POST Servlets Denial of Service Vulnerability
GHSA
Apache Sling POST Servlets Denial of Service Vulnerability
ghsa·2022-05-17
CVE-2012-2138 [MEDIUM] CWE-400 Apache Sling POST Servlets Denial of Service Vulnerability
http://mail-archives.apache.org/mod_mbox/www-announce/201207.mbox/%3CCAEWfVJ=PwoQmwJg0KmbrC17Gw51kgfKRsqgy=4RpMQsdGh0bVg%40mail.gmail.com%3E
http://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517