Lucene search

[email protected]CVE-2007-5085

HistorySep 26, 2007 - 10:17 a.m.

CVE-2007-5085

2007-09-2610:17:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2007-5085

apache geronimo

vulnerability

authentication bypass

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain “access to Geronimo internals” via unspecified vectors.

Affected configurations

NVD

Node

apachegeronimoMatch2.0.1

apachegeronimoMatch2.1

CPENameOperatorVersion
apache:geronimoapache geronimoeq2.0.1
apache:geronimoapache geronimoeq2.1

CPE	Name	Operator	Version
apache:geronimo	apache geronimo	eq	2.0.1
apache:geronimo	apache geronimo	eq	2.1

References

geronimo.apache.org/2007/09/07/mejb-security-alert.html

osvdb.org/38661

secunia.com/advisories/26906

secunia.com/advisories/27464

www-1.ibm.com/support/docview.wss?uid=swg21271586

www.securityfocus.com/bid/25804

www.securitytracker.com/id?1018877

issues.apache.org/jira/browse/GERONIMO-3456

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2007-5085

nvd1 veracode1 cvelist1 prion1