oss-sec mailing list archives
CVE-2017-15700 - Apache Sling Authentication Service vulnerability
From: Antonio Sanso <asanso () adobe com>
Date: Mon, 18 Dec 2017 15:45:25 +0000

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache Sling Authentication Service 1.4.0

Description: A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.

Mitigation: Users should upgrade to version 1.4.2 or later of the Apache Sling Authentication Service module.

Credit: François Lajeunesse-Robert