Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Sling 拒绝服务漏洞
Vulnerability Description
Apache Sling是美国阿帕奇(Apache)软件基金会的一套用于Java平台上的开源Web框架。该框架可在JCR内容库(Java Content Repository)上创建面向内容的应用。 Apache Sling中的org.apache.sling.servlets.post bundle 2.1.2之前版本中的POST servlet内的@CopyFrom操作中存在漏洞,该漏洞源于未阻止尝试拷贝父节点到其后代节点。远程攻击者可利用该漏洞通过特制的HTTP请求导致拒绝服务(无限循环)。
CVSS Information
N/A
Vulnerability Type
N/A