1 results (0.003 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVE-2017-15700
https://notcve.org/view.php?id=CVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. Una vulnerabilidad en el método org.apache.sling.auth.core.AuthUtil#isRedirectValid en Apache Sling Authentication Service 1.4.0 permite que un atacante engañe a una víctima para que envíe sus credenciales a través del formulario de inicio de sesión de Sling. • https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •