3 results (0.007 seconds)

CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 1

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. Apache Geronimo v2.2.1 y anteriores calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. NOTA: este podría superponerse CVE-2011-4461. • https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://secunia.com/advisories/47412 http://www.kb.cert.org/vuls/id/903934 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py https://lists.apache.org/thread.html/r20957aa5962a48328f199e2373f408aeeae601a45dd5275a195e2b6e%40%3Cjava-dev.axis.apache.org%3E https:/&#x • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. El SQLLoginModule en el Apache Geronimo 2.0 hasta el 2.1 no lanza una excepción para nombre de usuarios no existentes, lo que permite a atacantes remotos evitar la autenticación mediante un intento de registrase con algún usuario que no esté contenido en la Base de Datos. • http://osvdb.org/38662 http://secunia.com/advisories/27478 http://secunia.com/advisories/27482 http://www-1.ibm.com/support/docview.wss?uid=swg21286105 http://www.securityfocus.com/bid/26287 http://www.vupen.com/english/advisories/2007/3675 http://www.vupen.com/english/advisories/2007/3676 https://issues.apache.org/jira/browse/GERONIMO-3543 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 7%CPEs: 2EXPL: 0

Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. Vulnerabilidad no especificada en el EJB de administración (management EJB o MEJB) de Apache Geronimo anterior a 2.0.2 permite a atacantes remotos evitar la autenticación y obtener "acceso al interior de Geronimo" a través de vectores no especificados. • http://geronimo.apache.org/2007/09/07/mejb-security-alert.html http://osvdb.org/38661 http://secunia.com/advisories/26906 http://secunia.com/advisories/27464 http://www-1.ibm.com/support/docview.wss?uid=swg21271586 http://www.securityfocus.com/bid/25804 http://www.securitytracker.com/id?1018877 https://issues.apache.org/jira/browse/GERONIMO-3456 • CWE-287: Improper Authentication •