A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621@%3Cdev.sling.apache.org%3E | Issue Tracking Mailing List Vendor Advisory |
Configurations
Information
Published : 2017-12-18 12:29
Updated : 2018-01-05 06:20
NVD link : CVE-2017-15700
Mitre link : CVE-2017-15700
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apache
- sling_authentication_service