Apache Org.Apache.Sling.Servlets.Post vulnerabilities
2 known vulnerabilities affecting apache/org.apache.sling.servlets.post.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2012-2138P4MEDIUMCVSS 5.0PoC≤ 2.1.02012-07-09
CVE-2012-2138 [MEDIUM] CWE-264 CVE-2012-2138: The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
nvd
CVE-2013-2254P4MEDIUMCVSS 5.0v2.2.0v2.3.02013-10-17
CVE-2013-2254 [MEDIUM] CWE-119 CVE-2013-2254: The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspeci
nvd