CVE-2007-5797
 
Severity Score: 7.5 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Descriptions
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
*Credits:
N/A
Timeline
- 2007-11-02 CVE Reserved
- 2007-11-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-21 EPSS Updated
CWE
- CWE-287: Improper Authentication
References (8)
URL | Tag | Source |
---|---|---|
http://osvdb.org/38662 | Vdb Entry | |
http://secunia.com/advisories/27478 | Third Party Advisory | |
http://www-1.ibm.com/support/docview.wss?uid=swg21286105 | X_refsource_confirm | |
http://www.securityfocus.com/bid/26287 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/3675 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/3676 | Vdb Entry | |
https://issues.apache.org/jira/browse/GERONIMO-3543 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/27482 | 2011-03-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Geronimo | 2.0 | - | Affected |
Apache | Geronimo | 2.0.1 | - | Affected |
Apache | Geronimo | 2.0.2 | - | Affected |
Apache | Geronimo | 2.1 | - | Affected |