CVE-2007-5797

CWE-287Improper Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Geronimo
Timeline
PublishedNov 3
Latest updateMay 1

Description

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapache/geronimo4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-7mfx-869f-5w95: SQLLoginModule in Apache Geronimo 22022-05-01
CVEList
CVE-2007-5797: SQLLoginModule in Apache Geronimo 22007-11-03

📋Vendor Advisories

1
Red Hat
CVE-2007-5797: SQLLoginModule in Apache Geronimo 2
CVE-2007-5797 (HIGH CVSS 7.5) | SQLLoginModule in Apache Geronimo 2 | cvebase.io