Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 18 Dec 2017 15:45:25 +0000
From: Antonio Sanso <>
To: dev <>, users <>,
	"" <>,
	"" <>,
	"" <>,
	Fran├žois Lajeunesse-Robert
Subject: CVE-2017-15700 - Apache Sling Authentication Service vulnerability

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Authentication Service 1.4.0

A flaw in the method allows an attacker, through the Sling login form, to trick a victim to send over their credentials.

Users should upgrade to version 1.4.2 or later of the Apache Sling Authentication Service module

Fran├žois Lajeunesse-Robert

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ