Date: Mon, 18 Dec 2017 15:45:25 +0000
From: Antonio Sanso
To: dev, users, François Lajeunesse-Robert
Subject: CVE-2017-15700 - Apache Sling Authentication Service vulnerability

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Authentication Service 1.4.0

A flaw in the method allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.

Users should upgrade to version 1.4.2 or later of the Apache Sling Authentication Service module.

François Lajeunesse-Robert
