CVE-2017-15700

HIGH

Apache Sling Authentication Service < 1.4.2 - Information Disclosure

Title source: rule

Description

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.

Exploits (2)

nomisec WRITEUP

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2017-15700-sling-org-apache-sling-auth-core-vulnerable

View Code ZIP pw:eip

nomisec WRITEUP

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2017-15700-sling-org-apache-sling-auth-core-vulnerable

View Code ZIP pw:eip

References (1)

[Mailing List] https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E

Scores

CVSS v3 8.8

EPSS 0.0022

EPSS Percentile 45.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (3)

apache/sling_authentication_service 1.4.0

Apache Software Foundation/Apache Sling Authentication Service 1.4.0

org.apache.sling/org.apache.sling.auth.core 1.4.0 - 1.4.2Maven

Published Dec 18, 2017

Tracked Since Feb 18, 2026