The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-08-27T23:00:00Z
Updated: 2024-09-17T01:50:41.060Z
Reserved: 2007-08-27T00:00:00Z
Link: CVE-2007-4548
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2007-08-27T23:17:00.000
Modified: 2008-09-05T21:28:30.143
Link: CVE-2007-4548
Redhat
No data.