Open Redirect Vulnerability in Apache Sling Auth Core
CVE-2013-4390

Currently unrated

Key Information:

Vendor
Apache
CVE Published:
24 October 2013

Summary

An open redirect vulnerability exists in the AbstractAuthenticationFormServlet within the Auth Core of Apache Sling versions prior to 1.1.4. This flaw enables remote attackers to manipulate the resource parameter to redirect users to arbitrary external sites. As a result, this can facilitate phishing attacks by deceiving users into providing sensitive information under the guise of a legitimate authentication process.

Timeline

  • Vulnerability Reserved

  • Vulnerability published