Search criteria
4 vulnerabilities found for sling_servlets_post by apache
CVE-2017-9802 (GCVE-0-2017-9802)
Vulnerability from nvd – Published: 2017-08-14 13:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91%40%3Cdev.sling.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript \u0027eval\u0027 function to parse input strings, which allows for XSS attacks by passing specially crafted input strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "100284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91%40%3Cdev.sling.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript \u0027eval\u0027 function to parse input strings, which allows for XSS attacks by passing specially crafted input strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91@%3Cdev.sling.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/SLING-7041",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-9802",
"datePublished": "2017-08-14T13:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2944 (GCVE-0-2015-2944)
Vulnerability from nvd – Published: 2015-06-02 14:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#61328139",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T14:06:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#61328139",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#61328139",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74839"
},
{
"name": "https://issues.apache.org/jira/browse/SLING-2082",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31@%3Cdev.sling.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2944",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-04-07T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9802 (GCVE-0-2017-9802)
Vulnerability from cvelistv5 – Published: 2017-08-14 13:00 – Updated: 2024-08-05 17:18
VLAI?
Summary
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91%40%3Cdev.sling.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript \u0027eval\u0027 function to parse input strings, which allows for XSS attacks by passing specially crafted input strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "100284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91%40%3Cdev.sling.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript \u0027eval\u0027 function to parse input strings, which allows for XSS attacks by passing specially crafted input strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100284"
},
{
"name": "20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541024/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143758/Apache-Sling-Servlets-Post-2.3.20-Cross-Site-Scripting.html"
},
{
"name": "[dev] 20170814 CVE-2017-9802: Apache Sling XSS vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2f4b8333e44c6e7e0b00933bd4204ce64829952f60dbb6814f2cdf91@%3Cdev.sling.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/SLING-7041",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-7041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-9802",
"datePublished": "2017-08-14T13:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2944 (GCVE-0-2015-2944)
Vulnerability from cvelistv5 – Published: 2015-06-02 14:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#61328139",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T14:06:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#61328139",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#61328139",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61328139/index.html"
},
{
"name": "74839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74839"
},
{
"name": "https://issues.apache.org/jira/browse/SLING-2082",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SLING-2082"
},
{
"name": "JVNDB-2015-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069"
},
{
"name": "[sling-dev] 20210409 [jira] [Created] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Commented] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Comment Edited] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70@%3Cdev.sling.apache.org%3E"
},
{
"name": "[sling-dev] 20210409 [jira] [Resolved] (SLING-10284) Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31@%3Cdev.sling.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2944",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-04-07T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}