CVE-2017-15700

HIGH

Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-15700. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary The repository contains a technical analysis of CVE-2017-15700, focusing on vulnerable Java files in the Apache Sling authentication core. It includes source code for authentication utilities and servlets, with a README guiding the analysis of specific test files and methods.

Description

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.

Exploits (2)

nomisec WRITEUP

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2017-15700-sling-org-apache-sling-auth-core-vulnerable

View Code ZIP pw:eip

The repository contains a technical analysis of CVE-2017-15700, focusing on vulnerable Java files in the Apache Sling authentication core. It includes source code for authentication utilities and servlets, with a README guiding the analysis of specific test files and methods.

Classification

Writeup 80%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: Apache Sling Authentication Core

No auth needed

Prerequisites: Access to vulnerable Apache Sling instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec WRITEUP

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2017-15700-sling-org-apache-sling-auth-core-vulnerable

View Code ZIP pw:eip

This repository contains the vulnerable source code of Apache Sling Auth Core (CVE-2017-15700), which is an authentication bypass vulnerability. The code includes core authentication classes and utilities, but no exploit PoC or technical analysis is provided.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: Apache Sling Auth Core

No auth needed

Prerequisites: Access to a vulnerable Apache Sling instance

MITRE ATT&CK

T1550 - Use Alternate Authentication Material

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E

Scores

CVSS v3 8.8

EPSS 0.0022

EPSS Percentile 45.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (3)

apache/sling_authentication_service 1.4.0

Apache Software Foundation/Apache Sling Authentication Service 1.4.0

org.apache.sling/org.apache.sling.auth.core 1.4.0 - 1.4.2Maven

Published Dec 18, 2017

Tracked Since Feb 18, 2026