CVE-2023-26513— Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-26513
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
过度迭代
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Sling 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Sling是美国阿帕奇(Apache)基金会的一个 Java 平台的开源 Web 框架。旨在在符合 JSR-170 的内容存储库(例如 Apache Jackrabbit )上创建以内容为中心的应用程序。 Apache Sling Resource Merger 1.2.0至1.4.2之前版本存在安全漏洞,该漏洞源于对 Apache Sling 资源合并管理的特定路径的请求可能导致 DoS。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Sling Resource Merger | 1.2.0 ~ 1.4.2 | - |
II. Public POCs for CVE-2023-26513
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-26513
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-834
- CVE-2026-41313
pypdf: Possible long runtimes for wrong size values in incre - CVE-2026-41168
pypdf has possible long runtimes for wrong size values in cr - CVE-2026-27025
pypdf has possible long runtimes/large memory usage for larg - CVE-2025-67726
Tornado is Vulnerable to Quadratic DoS via Crafted Multipart - CVE-2025-62707
pypdf affected by possible infinite loop when reading DCT in
V. Comments for CVE-2023-26513
No comments yet