Apache Sling Authentication Service 1.4.0 - Credential Theft via Login Form Vulnerability

CVE-2017-15700 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.
