Authentication Bypass in Apache Geronimo 2.0
CVE-2007-4548

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 27 August 2007

What is CVE-2007-4548?

The login method in specific LoginModule implementations within Apache Geronimo 2.0 lacks proper handling of failed login attempts, which allows attackers to bypass authentication. By exploiting this vulnerability, a remote attacker can deploy arbitrary modules and potentially gain administrative access by providing blank credentials through the command-line deployer in the deployment module. This oversight poses significant security risks, as it can lead to unauthorized access and manipulation of deployed applications.

References

https://issues.apache.org/jira/browse/GERONIMO-3404

x_refsource_CONFIRM

http://geronimo.apache.org/2007/08/13/apache-geronimo-v20...

x_refsource_CONFIRM

http://geronimo.apache.org/2007/08/21/apache-geronimo-201...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 27, 2007