Description
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Remediation
References
http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E
http://secunia.com/advisories/55249
http://www.securityfocus.com/bid/63241
https://issues.apache.org/jira/browse/SLING-3141
Related Vulnerabilities
CVE-2023-37951 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2020-13935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2016-0732 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2020-2157 Vulnerability in maven package org.jenkins-ci.plugins:skytap
CVE-2012-0047 Vulnerability in maven package org.apache.wicket:wicket