Maven package
org.apache.sling/org.apache.sling.auth.core
pkg:maven/org.apache.sling/org.apache.sling.auth.core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15700 | High | 8.8 | | >= 1.4.0, < 1.4.2 | 1.4.2 | Dec 18, 2017 | A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. |
| CVE-2013-4390 | — | | | < 1.1.4 | 1.1.4 | Oct 24, 2013 | Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter. |