Vulnerabilities > Apache > Sling Authentication Service

DATE CVE VULNERABILITY TITLE RISK
2017-12-18 CVE-2017-15700 Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
network
low complexity
apache CWE-200
8.8