The CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted.
8995843141b2cea69c3716091acf10088f9d4eadff4f7ee2520234cfcb689c33CVE-2012-2138 : Apache Sling denial of service vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
org.apache.sling.servlets.post bundle up to 2.1.0
Description:
The @CopyFrom operation of the Sling POST servlet allows for copying a
parent node to one of its descendant nodes, creating an infinite loop
that ultimately results in denial of service, once memory and/or
storage resources are exhausted.
Mitigation:
Users should upgrade to version 2.1.2 of the
org.apache.sling.servlets.post bundle [1], or apply the Sling patch of
revision 1352865 [2].
Example:
curl -u admin:pwd -d "" "https://localhost:8888/content/foo/?./%40CopyFrom=../"
Credit:
This issue was discovered by IO Active, working for Adobe.
References:
[1] https://sling.apache.org/site/downloads.cgi
[2] https://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed