CVE-2007-4548

Apache Geronimo 2.0 - Improper Authentication via Blank Credentials Bypass


Description

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

Scores

EPSS 0.0419
EPSS Percentile 89.7%

Details

CWE CWE-287
Status published
Products (1) apache/geronimo 2.0
Published Aug 27, 2007
Tracked Since Feb 18, 2026