Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E - Vendor Advisory | |
References | () http://secunia.com/advisories/55249 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/63241 - | |
References | () https://issues.apache.org/jira/browse/SLING-3141 - |
Information
Published : 2013-10-24 03:48
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4390
Mitre link : CVE-2013-4390
CVE.ORG link : CVE-2013-4390
JSON object : View
Products Affected
apache
- sling
- sling_auth_core_component
CWE
CWE-20
Improper Input Validation