PT-2015-5993 · Apache · Apache Sling Servlets Post+1

Henry Kuijpers

Publicado

2015-06-02

Atualizado

2022-05-13

CVE-2015-2944

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache Sling API versions prior to 2.2.2 Apache Sling Servlets Post versions prior to 2.1.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the URI. This is related to the org/apache/sling/api/servlets/HtmlResponse and org/apache/sling/servlets/post/HtmlResponse components.

Recommendations For Apache Sling API versions prior to 2.2.2, update to version 2.2.2 or later. For Apache Sling Servlets Post versions prior to 2.1.2, update to version 2.1.2 or later. As a temporary workaround, consider restricting access to the org/apache/sling/api/servlets/HtmlResponse and org/apache/sling/servlets/post/HtmlResponse components until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-2944

GHSA-RXVX-44W5-44R7

Produtos afetados

Apache Sling

Apache Sling Servlets Post

PT-2015-5993 · Apache · Apache Sling Servlets Post+1

CVE-2015-2944

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16