oss-sec mailing list archives

CVE-2017-15700 - Apache Sling Authentication Service vulnerability


From: Antonio Sanso <asanso () adobe com>
Date: Mon, 18 Dec 2017 15:45:25 +0000

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Authentication Service 1.4.0

Description:
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.

Mitigation:
Users should upgrade to version 1.4.2 or later of the Apache Sling Authentication Service module.

Credit:
François Lajeunesse-Robert
 
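The advisory does not describe the bypass itself, only that the redirect validation behind the login form could be abused to send a victim's credentials elsewhere. As an added illustration (not Apache Sling's AuthUtil code, and making no claim about the specific defect fixed in 1.4.2), the class and method names below are assumed; the block shows the class of redirect-parameter values a post-login redirect validator has to refuse so that the browser never leaves the site's own origin.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example: the checks a login form's redirect-target validator is
 * responsible for. This is NOT Sling's AuthUtil#isRedirectValid and does not
 * reproduce the 1.4.0 defect; names here are illustrative assumptions.
 */
public final class LoginRedirectCheck {

    private LoginRedirectCheck() { }

    /**
     * Returns true only if {@code target} is an absolute path that a browser
     * will resolve against the current origin. Anything that can carry a
     * scheme or an authority is rejected.
     */
    public static boolean isLocalRedirect(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;                   // "scheme:..." and relative refs never qualify
        }
        // Control characters and whitespace are rejected outright: browsers that
        // follow the WHATWG URL parser strip tab/newline before parsing, so a
        // value like "/\t/host" would be read as "//host".
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c <= 0x20 || c == 0x7f) {
                return false;
            }
        }
        // "//host/..." is protocol-relative (same scheme, attacker's host) and
        // "/\host" is normalised to the same thing by WHATWG-style parsers.
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;                   // malformed input is not a valid target
        }
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return false;
        }
        // Resolve dot segments, then re-check the decoded result: "/a/..//host"
        // normalises to "//host", and "/%2F%2Fhost" decodes to "///host".
        String path = uri.normalize().getPath();
        return path != null && path.startsWith("/") && !path.startsWith("//");
    }

    /** Redirect to issue after login: the requested target if it is local, else the fallback. */
    public static String redirectAfterLogin(String requested, String fallback) {
        return isLocalRedirect(requested) ? requested : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample values for the login form's redirect parameter.
        String[] accepted = { "/", "/content/start.html", "/content/page.html?tab=2#top" };
        String[] rejected = {
            "https://attacker.example/login",   // absolute URL to another origin
            "//attacker.example/login",         // protocol-relative
            "/\\attacker.example",              // backslash variant
            "/\t/attacker.example",             // whitespace a browser would strip
            "/content/..//attacker.example",    // dot segments that collapse to "//"
            "/%2F%2Fattacker.example",          // encoded slashes
            "javascript:alert(1)",              // not a path at all
        };
        for (String s : accepted) {
            System.out.println((isLocalRedirect(s) ? "accept " : "REJECT ") + s);
        }
        for (String s : rejected) {
            System.out.println((isLocalRedirect(s) ? "ACCEPT " : "reject ") + s);
        }
        System.out.println("after login -> " + redirectAfterLogin("//attacker.example/", "/"));
    }
}
```

The validator deliberately works on the decoded, dot-normalised path rather than on the raw string, so an encoded or segment-based way of producing a leading "//" is caught the same way as the literal one; a login handler that wires the parameter through redirectAfterLogin falls back to a fixed local page whenever the check fails.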
