Authentication Bypass in Apache Geronimo 2.0
CVE-2007-4548

Currently unrated

Key Information:

Vendor

Apache
Status
Geronimo
Vendor
CVE Published:
27 August 2007

What is CVE-2007-4548?

The login method in specific LoginModule implementations within Apache Geronimo 2.0 lacks proper handling of failed login attempts, which allows attackers to bypass authentication. By exploiting this vulnerability, a remote attacker can deploy arbitrary modules and potentially gain administrative access by providing blank credentials through the command-line deployer in the deployment module. This oversight poses significant security risks, as it can lead to unauthorized access and manipulation of deployed applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://issues.apache.org/jira/browse/GERONIMO-3404
x_refsource_CONFIRM
http://geronimo.apache.org/2007/08/13/apache-geronimo-v20...
x_refsource_CONFIRM
http://geronimo.apache.org/2007/08/21/apache-geronimo-201...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.