CVE-2007-4548
First published: Mon Aug 27 2007(Updated: )
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Geronimo | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
- http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
- https://issues.apache.org/jira/browse/GERONIMO-1201
- http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
- https://issues.apache.org/jira/browse/GERONIMO-3404
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache geronimo
- version/apache geronimo/2.0