High severity 8.8 · NVD Advisory · Published Dec 18, 2017 · Updated Jun 17, 2026
CVE-2017-15700
Description
A flaw in the `org.apache.sling.auth.core.AuthUtil#isRedirectValid` method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.sling:org.apache.sling.auth.core (Maven) | >= 1.4.0, < 1.4.2 | 1.4.2 |
Affected products (3)
- cpe:2.3:a:apache:sling_authentication_service:1.4.0:*:*:*:*:*:*:*
References
- github.com/advisories/GHSA-vcvp-89fq-hwj8 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-15700 (GHSA, advisory)
- lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621@%3Cdev.sling.apache.org%3E (GHSA, web)
- lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E (NVD)