CVE-2013-4390

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_auth_core_component:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_auth_core_component:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_auth_core_component:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_auth_core_component:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_auth_core_component:1.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:55

Type Values Removed Values Added
References () http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E - Vendor Advisory () http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E - Vendor Advisory
References () http://secunia.com/advisories/55249 - Vendor Advisory () http://secunia.com/advisories/55249 - Vendor Advisory
References () http://www.securityfocus.com/bid/63241 - () http://www.securityfocus.com/bid/63241 -
References () https://issues.apache.org/jira/browse/SLING-3141 - () https://issues.apache.org/jira/browse/SLING-3141 -

Information

Published : 2013-10-24 03:48

Updated : 2024-11-21 01:55


NVD link : CVE-2013-4390

Mitre link : CVE-2013-4390

CVE.ORG link : CVE-2013-4390


JSON object : View

Products Affected

apache

  • sling
  • sling_auth_core_component
CWE
CWE-20

Improper Input Validation