Improper input validation in Apache Sling
CVE-2013-4390
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing at…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.013 (80.3th percentile)
Affected products
- Apache Sling
- Apache Sling Auth Core component — versions 1.0.2, 1.0.4, 1.0.6
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- 63241 (vdb-entry, x_refsource_BID)
- [sling-dev] 20131020 CVE-2013-4390: Apache Sling open redirect on login (Vendor Advisory, mailing-list, x_refsource_MLIST)
- 55249 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)