CVE-2023-26513

EPSS 3.04%
Veröffentlicht 20.03.2023 13:15:11
Zuletzt bearbeitet 21.11.2024 07:51:39
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Sling Resource Merger Version >= 1.2.0 < 1.4.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.04%	0.866

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@apache.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://lists.apache.org/thread/xpcpo1y88ldss5hgmvogsf6h3735l5zb

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-26513

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26513

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26513

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-26513