CVE-2007-4548
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
27/08/2007
Last modified:
09/04/2025
Description
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:geronimo:2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
- http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
- http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
- https://issues.apache.org/jira/browse/GERONIMO-1201
- https://issues.apache.org/jira/browse/GERONIMO-3404
- http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
- http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
- http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
- https://issues.apache.org/jira/browse/GERONIMO-1201
- https://issues.apache.org/jira/browse/GERONIMO-3404