Skip to main content

Sling Authentication Service

1 CVEs product

Monthly

CVE-2017-15700 Maven HIGH PATCH This Week

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Sling Authentication Service
NVD
CVSS 3.0
8.8
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Sling Authentication Service
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy