GitHub user bond- opened a pull request:
https://github.com/apache/sling/pull/12
SLING-3443: Parameter based redirection vulnerability in
FormAuthenticationHandler
*FormAuthenticationHandler* did not URL-encode the
parameter (*Authenticator.LOGIN_RESOURCE*) before redirection. This allows an
attacker to use this parameter to redirect to a different domain. This may also
help in phishing attacks.
This was initially spotted in one of our applications, which uses
org.apache.sling:org.apache.sling.auth.form:1.0.2
This pull request fixes the vulnerability.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/bond-/sling sling-3443
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/sling/pull/12.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #12
----
commit d1531735762e7423404f1e304dfc4c483f9556de
Author: Raviteja Lokineni <[email protected]>
Date: 2014-03-08T12:24:52Z
SLING-3443: Parameter based redirection vulnerability in
FormAuthenticationHandler
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
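The pattern behind SLING-3443, illustrated as an added example that is not Apache Sling's code and not the patch in this pull request: an authentication handler that takes a post-login target from a request parameter and redirects to it unmodified can be pointed at another domain. The class and method names below are hypothetical, the parameter name "resource" is assumed to be the value of *Authenticator.LOGIN_RESOURCE*, and the hardened variant goes beyond the encoding the pull request describes by also restricting the target to a site-local path.

```java
// Added illustration of the open-redirect pattern described in SLING-3443.
// Hypothetical class; not Apache Sling's FormAuthenticationHandler.
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class LoginRedirectExample {

    // Assumed name of the request parameter carrying the post-login target
    // (Sling's Authenticator.LOGIN_RESOURCE).
    static final String LOGIN_RESOURCE = "resource";

    // Vulnerable pattern: the attacker-controlled value becomes the redirect
    // target as-is, so "resource=http://attacker.example/" leaves the site.
    static String vulnerableRedirectTarget(String loginResource) {
        return loginResource;
    }

    // Hardened pattern: accept only an absolute path on this host. Absolute
    // URLs, protocol-relative "//host", backslash variants and control
    // characters all fall back to a safe default.
    static String safeRedirectTarget(String loginResource, String defaultPath) {
        if (loginResource == null || loginResource.isEmpty()) {
            return defaultPath;
        }
        // Exactly one leading slash: "//host/path" is a different origin.
        if (!loginResource.startsWith("/") || loginResource.startsWith("//")) {
            return defaultPath;
        }
        // Browsers treat "/\host" like "//host"; reject backslashes and control chars.
        for (int i = 0; i < loginResource.length(); i++) {
            char c = loginResource.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return defaultPath;
            }
        }
        // Let the URI parser confirm no scheme or authority is hidden inside,
        // then rebuild the target from path and query only (fragment dropped).
        try {
            URI uri = new URI(loginResource);
            if (uri.getScheme() != null || uri.getAuthority() != null) {
                return defaultPath;
            }
            String query = uri.getRawQuery();
            return uri.getRawPath() + (query != null ? "?" + query : "");
        } catch (URISyntaxException e) {
            return defaultPath;
        }
    }

    // When the target must itself travel inside a query string (for example
    // the link back to the login form), URL-encode it so it cannot inject
    // additional parameters or break out of the URL.
    static String loginFormUrl(String loginPath, String target) {
        return loginPath + "?" + LOGIN_RESOURCE + "="
                + URLEncoder.encode(target, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values an attacker or a legitimate client might send.
        String[] samples = {
            "/content/page.html",
            "/content/page.html?x=1",
            "http://attacker.example/phish",
            "//attacker.example/phish",
            "/\\attacker.example",
            "javascript:alert(1)"
        };
        for (String s : samples) {
            System.out.printf("%-34s vulnerable=%-34s safe=%s%n",
                    s, vulnerableRedirectTarget(s), safeRedirectTarget(s, "/"));
        }
        System.out.println(loginFormUrl("/system/sling/login",
                "/content/page.html?x=1&y=2"));
    }
}
```

Run it with `java LoginRedirectExample.java` (Java 11 or later, since `URLEncoder.encode(String, Charset)` is used). Only the first two samples survive `safeRedirectTarget`; the rest collapse to the default path, which is the behaviour an authentication handler needs whether or not it also encodes the value.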