CVE-2007-5085

Apache Geronimo - Authentication Bypass

Title source: rule

Description

Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.

References (8)

[Various Sources] http://geronimo.apache.org/2007/09/07/mejb-security-alert.html

[Third Party Advisory, VDB Entry] http://osvdb.org/38661

[Vendor Advisory] http://secunia.com/advisories/26906

[Various Sources] http://www-1.ibm.com/support/docview.wss?uid=swg21271586

[Various Sources] https://issues.apache.org/jira/browse/GERONIMO-3456

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25804

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018877

[Third Party Advisory] http://secunia.com/advisories/27464

Scores

EPSS 0.0070

EPSS Percentile 71.7%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

apache/geronimo

Timeline

Published Sep 26, 2007

Tracked Since Feb 18, 2026