CVE-2007-5797

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
Configurations

Configuration 1

cpe:2.3:a:apache:geronimo:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.0.2:*:*:*:*:*:*:*

Information

Published : 2007-11-03 12:46

Updated : 2011-03-08 03:01


NVD link : CVE-2007-5797

Mitre link : CVE-2007-5797

Products Affected
No products.
CWE