Apache Sling Authentication Service 1.4.0 - Credential Theft via Login Form Vulnerability
CVE-2017-15700 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.