CVE-2015-2944
medium
CVSS v3
-
CVSS v4
-
VIR risk
4.3
Description
Improper Neutralization of Input During Web Page Generation in Apache Sling
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.sling:org.apache.sling.api | <2.2.2 | 2.2.2 |
| Maven | org.apache.sling:org.apache.sling.servlets.post | <2.1.2 | 2.1.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | sling_api | <=2.2.0 | |
| apache | sling_servlets_post | <=2.1.0 | |
References
- http://jvn.jp/en/jp/JVN61328139/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069
- http://www.securityfocus.com/bid/74839
- https://issues.apache.org/jira/browse/SLING-2082
- https://lists.apache.org/thread.html/r04237d561f3e5bced0a26287454450a34275162aa6b1dbae1b707b31%40%3Cdev.sling.apache.org%3E
- https://lists.apache.org/thread.html/r4f41dd891a52133abdbf7f74ad1dde80c46f157c1f1cf8c23ba60a70%40%3Cdev.sling.apache.org%3E
- https://lists.apache.org/thread.html/r93d68359eb0ea8c0f26d71ca3998143f99209a24db7b4dacfc688cea%40%3Cdev.sling.apache.org%3E
- https://lists.apache.org/thread.html/rd2a352858630721e7b1655bbdf85e692d6156fcfe68109e12b017b16%40%3Cdev.sling.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2015-2944
CWEs
CWE-79