CVE-2007-4548
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
El método de entrada en las implementaciones LoginModule en Apache Geronimo 2.0 no pasa por FailedLoginException para las entradas fallidas, lo cual permite a atacantes remotos evitar los requisitios de validación, utilización de módulos de su elección, y conseguir acceso con privilegios administrativos a través del envío de un nombre de usuario en blanco y contraseñas con el desplegador de línea de comando en el módulo del despliegue.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-08-27 CVE Reserved
- 2007-08-27 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html | X_refsource_confirm | |
| http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html | X_refsource_misc | |
| http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html | Mailing List | |
| https://issues.apache.org/jira/browse/GERONIMO-1201 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://issues.apache.org/jira/browse/GERONIMO-3404 | 2008-09-05 |
| URL | Date | SRC |
|---|