CVE-2007-4548

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 27 August 2007

Summary

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

References

https://issues.apache.org/jira/browse/GERONIMO-3404

x_refsource_CONFIRM

http://geronimo.apache.org/2007/08/13/apache-geronimo-v20...

x_refsource_CONFIRM

http://geronimo.apache.org/2007/08/21/apache-geronimo-201...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 27, 2007