CVE-2007-4548

Severity
10.0 CRITICAL
EPSS
0.8%
top 25.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 27
Latest update: May 1

Description

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-552j-r9hx-pgwr: The login method in LoginModule implementations in Apache Geronimo 2 (2022-05-01)
CVEList
CVE-2007-4548: The login method in LoginModule implementations in Apache Geronimo 2 (2007-08-27)