CVE-2017-15700
published 2017-12-18CVE-2017-15700: A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | sling_authentication_service | — | — |
| apache_software_foundation | apache_sling | — | — |