| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 Jul 2012 11:12:34 +0200 From: Bertrand Delacretaz <bdelacretaz@...che.org> To: users <users@...ng.apache.org>, dev <dev@...ng.apache.org>, security@...che.org, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, announce@...che.org, security@...ng.apache.org Subject: [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted. Mitigation: Users should upgrade to version 2.1.2 of the org.apache.sling.servlets.post bundle [1], or apply the Sling patch of revision 1352865 [2]. Example: curl -u admin:pwd -d "" "http://localhost:8888/content/foo/?./%40CopyFrom=../" Credit: This issue was discovered by IO Active, working for Adobe. References: [1] http://sling.apache.org/site/downloads.cgi [2] http://svn.apache.org/viewvc?view=revision&revision=1352865 https://issues.apache.org/jira/browse/SLING-2517 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists