CVE-2007-5085
https://notcve.org/view.php?id=CVE-2007-5085
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. • http://geronimo.apache.org/2007/09/07/mejb-security-alert.html http://osvdb.org/38661 http://secunia.com/advisories/26906 http://secunia.com/advisories/27464 http://www-1.ibm.com/support/docview.wss?uid=swg21271586 http://www.securityfocus.com/bid/25804 http://www.securitytracker.com/id?1018877 https://issues.apache.org/jira/browse/GERONIMO-3456 • CWE-287: Improper Authentication •
CVE-2007-4548
https://notcve.org/view.php?id=CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. • http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html https://issues.apache.org/jira/browse/GERONIMO-1201 https://issues.apache.org/jira/browse/GERONIMO-3404 • CWE-287: Improper Authentication •
CVE-2006-0254 – Apache Geronimo 1.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0254
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. • https://www.exploit-db.com/exploits/27096 https://www.exploit-db.com/exploits/27095 http://issues.apache.org/jira/browse/GERONIMO-1474 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/18485 http://secunia.com/advisories/31493 http://www.oliverkarow.de/research/geronimo_css.txt http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.securityfocus.com/archive/1/421996/100/0/threaded http://www.securityfocus.com/bid/16260 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •