Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0 (CVSS v2 base score)
CVE Id CVE-2007-4548
Last Modified 05 Sep 2008 05:28:30
Published 27 Aug 2007 07:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4548

Summary

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
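The JAAS contract behind this summary is that LoginModule.login() must throw a LoginException (normally FailedLoginException) when credentials are wrong; a return value of false does not mean "failed", it means "ignore this module". A caller that only watches for exceptions therefore lets a false-returning module through. The following is an added illustration written for this page, not Geronimo's code: the same minimal login module in the faulty shape the summary describes and in the contract-compliant shape. The user table, the "admin"/"secret" credentials and the blank-credential attempt are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Illustrative only (not Apache Geronimo code): faulty vs. correct LoginModule.login(). */
public class LoginModuleContract {

    /** Constructed single-entry user table; "admin"/"secret" is a placeholder. */
    private static boolean credentialsValid(String user, char[] pass) {
        return "admin".equals(user) && pass != null && "secret".equals(new String(pass));
    }

    /** Shared skeleton: collects the name and password through the CallbackHandler. */
    abstract static class BaseModule implements LoginModule {
        protected CallbackHandler handler;
        protected String user;
        protected char[] pass;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.handler = handler;
        }

        protected void collect() throws LoginException {
            NameCallback nc = new NameCallback("user");
            PasswordCallback pc = new PasswordCallback("pass", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (java.io.IOException | UnsupportedCallbackException e) {
                throw new LoginException(e.toString());
            }
            user = nc.getName();
            pass = pc.getPassword();
        }

        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    /** Faulty pattern: a failed check returns false, which JAAS reads as "ignore me", not as failure. */
    static class FaultyModule extends BaseModule {
        public boolean login() throws LoginException {
            collect();
            return credentialsValid(user, pass); // blank username/password: returns false, throws nothing
        }
    }

    /** Contract-compliant pattern: a failed check throws FailedLoginException. */
    static class FixedModule extends BaseModule {
        public boolean login() throws LoginException {
            collect();
            if (!credentialsValid(user, pass)) {
                throw new FailedLoginException("bad username or password");
            }
            return true;
        }
    }

    /** Constructed CallbackHandler that answers with fixed credentials (blank pair models the attack). */
    static CallbackHandler fixedCredentials(String name, String password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(name);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password.toCharArray());
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    /** Drives one module directly, the way a caller that only checks for exceptions would see it. */
    static String attempt(LoginModule m, String name, String password) {
        Map<String, Object> none = new HashMap<>();
        m.initialize(new Subject(), fixedCredentials(name, password), none, none);
        try {
            return m.login() ? "SUCCESS" : "IGNORED (login() returned false, no exception)";
        } catch (FailedLoginException e) {
            return "REJECTED (" + e.getMessage() + ")";
        } catch (LoginException e) {
            return "ERROR (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("faulty, blank creds: " + attempt(new FaultyModule(), "", ""));
        System.out.println("fixed,  blank creds: " + attempt(new FixedModule(), "", ""));
        System.out.println("fixed,  good creds:  " + attempt(new FixedModule(), "admin", "secret"));
    }
}
```

The point to check in any LoginModule you audit is the failure path: a caller that treats "no module threw" as an authenticated session will accept FaultyModule's blank-credential attempt, while FixedModule forces it onto the exception path. Whether a particular container makes that mistake depends on how it drives its modules; the summary above records that Geronimo 2.0's deployer did, which is why 2.0.1 was released in its place.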

Vulnerable Systems

Application

  • Apache Geronimo 2.0


References

CONFIRM - https://issues.apache.org/jira/browse/GERONIMO-3404

MISC - https://issues.apache.org/jira/browse/GERONIMO-1201

MLIST - [dev] 20070813 Geronimo 2.0 Release suspended due to security issue found before release

MISC - http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html

CONFIRM - http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html


Last Updated: 27 May 2016 10:45:54