CVE-2007-4548

NONECVSS 0.0

0.0

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

🔗 References (10)

cve@mitrehttp://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
cve@mitrehttp://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
cve@mitrehttp://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
cve@mitrehttps://issues.apache.org/jira/browse/GERONIMO-1201
cve@mitrehttps://issues.apache.org/jira/browse/GERONIMO-3404
af854a3a-2127-422b-91ae-364da2661108http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
af854a3a-2127-422b-91ae-364da2661108http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
af854a3a-2127-422b-91ae-364da2661108http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/GERONIMO-1201
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/GERONIMO-3404

Is Your Infrastructure Affected by CVE-2007-4548?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4548

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4548?