CVE Vulnerability

CVE-2007-4548

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
https://issues.apache.org/jira/browse/GERONIMO-1201
http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
https://issues.apache.org/jira/browse/GERONIMO-3404 Patch
Configurations

Configuration 1

cpe:2.3:a:apache:geronimo:2.0:*:*:*:*:*:*:*
Information

Published : 2007-08-27 11:17

Updated : 2008-09-05 09:28

NVD link : CVE-2007-4548

Mitre link : CVE-2007-4548

Products Affected
No products.
CWE
CWE-287