CVE-2013-4390
https://notcve.org/view.php?id=CVE-2013-4390
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." Vulnerabilidad en el AbstractAuthenticationFormServlet en bloque Auth (org.apache.sling.auth.core) antes de 1.1.4 de Apache Sling permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL en el parámetro recurso , en relación con "un formulario de acceso personalizado y XSS." • http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E http://secunia.com/advisories/55249 http://www.securityfocus.com/bid/63241 https://issues.apache.org/jira/browse/SLING-3141 • CWE-20: Improper Input Validation •
CVE-2013-2254
https://notcve.org/view.php?id=CVE-2013-2254
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. La función deepGetOrCreateNode en impl/operations/AbstractCreateOperation.java en org.apache.sling.servlets.post.bundle 2.2.0 y 2.3.0 de Apache Sling no maneja apropiadamente un valor nulo que es devuelto cuando la sesión no tiene permisos para el nodo raíz, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de vectores no especificados. • http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4pue6PnESsP1KTdEDJm1gpkANFaK%2BvUd9mzEVT7tXL%2B3A%40mail.gmail.com%3E http://secunia.com/advisories/55157 http://www.securityfocus.com/bid/62903 https://exchange.xforce.ibmcloud.com/vulnerabilities/87765 https://issues.apache.org/jira/browse/SLING-2913 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2138 – Apache Sling - Denial of Service
https://notcve.org/view.php?id=CVE-2012-2138
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. La operación @CopyFrom en el servlet POST en el conjunto org.apache.sling.servlets.post anteriores a v2.1.2 en Apache Sling no previene intentos de copia sobre un nodo de nivel superior sobre uno de nivel inferior, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una petición HTTP. The CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted. • https://www.exploit-db.com/exploits/37487 http://mail-archives.apache.org/mod_mbox/www-announce/201207.mbox/%3CCAEWfVJ=PwoQmwJg0KmbrC17Gw51kgfKRsqgy=4RpMQsdGh0bVg%40mail.gmail.com%3E http://svn.apache.org/viewvc?view=revision&revision=1352865 https://issues.apache.org/jira/browse/SLING-2517 • CWE-264: Permissions, Privileges, and Access Controls •