[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability

To: users <users@xxxxxxxxxxxxxxxx>, dev <dev@xxxxxxxxxxxxxxxx>, security@xxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, announce@xxxxxxxxxx, security@xxxxxxxxxxxxxxxx
Subject: [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability
From: Bertrand Delacretaz <bdelacretaz@xxxxxxxxxx>
Date: Fri, 6 Jul 2012 11:12:34 +0200

CVE-2012-2138 : Apache Sling denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
org.apache.sling.servlets.post bundle up to 2.1.0

Description:
The @CopyFrom operation of the Sling POST servlet allows for copying a
parent node to one of its descendant nodes, creating an infinite loop
that ultimately results in denial of service, once memory and/or
storage resources are exhausted.

Mitigation:
Users should upgrade to version 2.1.2 of the
org.apache.sling.servlets.post bundle [1], or apply the Sling patch of
revision 1352865 [2].

Example:
curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../";

Credit:
This issue was discovered by IO Active, working for Adobe.

References:
[1] http://sling.apache.org/site/downloads.cgi
[2] http://svn.apache.org/viewvc?view=revision&revision=1352865
https://issues.apache.org/jira/browse/SLING-2517

Prev by Date: AST-2012-011: Remote crash vulnerability in voice mail application
Next by Date: BookNux 0.2 <= Multiple Vulnerabilities
Previous by thread: AST-2012-011: Remote crash vulnerability in voice mail application
Next by thread: BookNux 0.2 <= Multiple Vulnerabilities
Index(es):
- Date
- Thread