LiveActive security incident?Get immediate response
CVE Record

CVE-2017-15700: A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Ser...

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

Apache Sling Authentication Service 1.4.0 has a redirect validation flaw in its login flow. A victim can be tricked through the Sling login form into sending credentials where they should not go. The source bundle does not provide CVSS, confirmed exploitation, or a fixed version.

Executive priority

Treat as a focused credential-risk cleanup. It is not supported by known active exploitation evidence here, but affected internet-facing login surfaces should be remediated promptly because credentials are business-critical.

Technical view

The issue is in org.apache.sling.auth.core.AuthUtil#isRedirectValid in Apache Sling Authentication Service 1.4.0. The CVE description ties exploitation to the Sling login form and credential capture. Available sources do not name a CWE, patch level, exploit maturity, or detailed affected configuration.

Likely exposure

Exposure is limited to environments running Apache Sling Authentication Service 1.4.0, especially where the Sling login form is reachable by users. Products embedding Sling may need dependency-level review.

Exploitation context

The source describes attacker-induced credential disclosure through the login form. CISA KEV status is false in the bundle, and no cited source confirms active exploitation. Evidence is too limited to claim public exploitation or weaponized exploit availability.

Researcher notes

The public bundle is sparse: no CVSS, CWE, patch version, or exploit detail is provided. Analysis should stay anchored to Apache Sling Authentication Service 1.4.0 and AuthUtil#isRedirectValid until vendor advisories clarify scope.

Mitigation direction

  • Inventory Apache Sling Authentication Service versions in applications and platforms.
  • Check Apache Sling guidance for the fixed or recommended replacement version.
  • Prioritize moving away from Authentication Service 1.4.0 where found.
  • Restrict access to Sling login surfaces where business operations allow.
  • Warn users against following unexpected login links until remediation is complete.

Validation and detection

  • Confirm whether Apache Sling Authentication Service 1.4.0 is present.
  • Identify all externally reachable Sling login forms.
  • Review dependency manifests, bundles, and platform vendor bills of materials.
  • Check vendor advisories for the approved remediation target.
  • Review authentication logs for suspicious login referrals or unusual credential prompts.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2017-15700 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Apache Software FoundationApache SlingAuthentication Service 1.4.0Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.