List: oss-security
Subject: [oss-security] CVE-2017-15700 - Apache Sling Authentication Service vulnerability
From: Antonio Sanso <asanso () adobe ! com>
Date: 2017-12-18 15:45:25
Message-ID: B2EABFD5-AB0F-45B2-893A-FC86F95A59F0 () adobe ! com
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Sling Authentication Service 1.4.0
Description:
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.
Mitigation:
Users should upgrade to version 1.4.2 or later of the Apache Sling Authentication Service module.
Credit:
François Lajeunesse-Robert