Open Redirect Vulnerability in Apache Sling Auth Core
CVE-2013-4390

Currently unrated

Key Information:

Vendor

Apache
Status
Sling Auth Core Component
Sling
Vendor
CVE Published:
24 October 2013

What is CVE-2013-4390?

An open redirect vulnerability exists in the AbstractAuthenticationFormServlet within the Auth Core of Apache Sling versions prior to 1.1.4. This flaw enables remote attackers to manipulate the resource parameter to redirect users to arbitrary external sites. As a result, this can facilitate phishing attacks by deceiving users into providing sensitive information under the guise of a legitimate authentication process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://issues.apache.org/jira/browse/SLING-3141
x_refsource_CONFIRM
http://www.securityfocus.com/bid/63241
vdb-entryx_refsource_BID
http://mail-archives.apache.org/mod_mbox/sling-dev/201310...
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.