Moderate severity · NVD Advisory · Published Oct 24, 2013 · Updated Jun 16, 2026
CVE-2013-4390
Description
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.sling:org.apache.sling.auth.core (Maven) | < 1.1.4 | 1.1.4 |
Affected products
- cpe:2.3:a:apache:sling_auth_core_component:*:*:*:*:*:*:*:* (range: <=1.1.2)
- cpe:2.3:a:apache:sling_auth_core_component:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:sling_auth_core_component:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:sling_auth_core_component:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:sling_auth_core_component:1.1.0:*:*:*:*:*:*:*
References
- mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E (NVD, Vendor Advisory, Web)
- secunia.com/advisories/55249 (NVD, Vendor Advisory, Web)
- github.com/advisories/GHSA-j7f2-cqvq-5jcf (GHSA, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2013-4390 (GHSA, Advisory)
- www.securityfocus.com/bid/63241 (NVD, Web)
- github.com/apache/sling-org-apache-sling-auth-core/commit/d1cd9aaa3432d577b65c50b3fbdc36d5d667ca46 (GHSA, Web)
- issues.apache.org/jira/browse/SLING-3141 (NVD, Web)