3 matches found
CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with...
Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator
Summary: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator. Vulnerability Details: CVEID: CVE-2008-0732. DESCRIPTION: Apache Geronimo could allow a local attacker to obtain sensitive information, caused by the init script following symlinks during a chown...
CVE-2007-4548
CVE-2007-4548: Apache Geronimo 2.0’s LoginModule implementations do not throw FailedLoginException on failed logins, allowing remote authentication bypass and unauthorized module deployment/gain of admin access by sending a blank username/password via the deployment module. Related advisories (e...