Home > Vulnerability Database > CVE-2013-4390

WhiteSource Vulnerability Database

CVE-2013-4390

Good to know:

Date: October 23, 2013

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

Language: Java

Severity Score

5.8

Related Resources (5)

Url: https://issues.apache.org/jira/browse/SLING-3141

Url: http://mail-archives.apache.org/mod_mbox/sling-dev/201310.mbox/%3CCAKkCf4qdFxEW9NXBJoMsrBama8LFNyir%2B61A0Vfzp4njEpeU%3Dw%40mail.gmail.com%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-4390

Url: http://secunia.com/advisories/55249

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2013-4390

Severity Score

5.8

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2013-4390

Good to know:

Date: October 23, 2013

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v2

Do you need more information?