CVE-2013-2254
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2013-2254
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Sling ‘deepGetOrCreateNode()’函数拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Sling是美国阿帕奇(Apache)软件基金会的一套用于Java平台上的开源Web框架。该框架可在JCR内容库(Java Content Repository)上创建面向内容的应用。 Apache Sling中的org.apache.sling.servlets.post.bundle 2.2.0和2.3.0版本中的impl/operations/AbstractCreateOperation.java文件中的deepGetOrCreateNode函数中存在拒绝服务漏洞,该漏洞源于程序没有
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2013-2254
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2013-2254
请登录查看更多情报信息。
- 🔗 https://issues.apache.org/jira/browse/SLING-2913x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2013-2254
Same Patch Batch · n/a · 2013-10-17 · 19 CVEs total
| CVE-2013-4689 | Juniper Junos J-Web 跨站请求伪造漏洞 | |
| CVE-2013-5376 | IBM Storwize V7000 Unified 跨站脚本漏洞 | |
| CVE-2013-4389 | Ruby on Rails Action Mailer 格式化字符串漏洞 | |
| CVE-2013-3025 | IBM Rational Focal Point 跨站脚本漏洞 | |
| CVE-2013-0500 | IBM Storwize V7000 Unified 输入验证漏洞 | |
| CVE-2013-6170 | Juniper Junos 输入验证漏洞 | |
| CVE-2013-6169 | Ejabberd TLS驱动程序加密问题漏洞 | |
| CVE-2013-6015 | Juniper Networks Junos 远程拒绝服务漏洞 | |
| CVE-2013-6013 | Juniper Junos Flow Daemon 缓冲区溢出漏洞 | |
| CVE-2013-2190 | Clutter ‘translate_hierarchy_event’函数权限许可和访问控制漏洞 | |
| CVE-2013-4397 | Libtar 数字错误漏洞 | |
| CVE-2013-4371 | Xen libxl_list_cpupool函数释放后重用漏洞 | |
| CVE-2013-4370 | Xen xc_vcpu_getaffinity函数缓冲区溢出漏洞 | |
| CVE-2013-4369 | Xen xlu_vif_parse_rate函数拒绝服务漏洞 | |
| CVE-2013-4368 | Xen Outs指令模拟信息泄露漏洞 | |
| CVE-2013-4365 | Apache mod_fcgid fcgid_header_bucket_read函数缓冲区错误漏洞 | |
| CVE-2013-4363 | Ruby 加密问题漏洞 | |
| CVE-2013-4287 | RubyGems 拒绝服务漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2013-2254
No comments yet