CVE-2017-15700

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:sling_authentication_service:1.4.0:*:*:*:*:*:*:*

Information

Published : 2017-12-18 12:29

Updated : 2018-01-05 06:20


NVD link : CVE-2017-15700

Mitre link : CVE-2017-15700


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

apache

  • sling_authentication_service