The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-27T23:00:00Z

Updated: 2024-09-17T01:50:41.060Z

Reserved: 2007-08-27T00:00:00Z

Link: CVE-2007-4548

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2007-08-27T23:17:00.000

Modified: 2008-09-05T21:28:30.143

Link: CVE-2007-4548

cve-icon Redhat

No data.