CVE-2011-5034
CVE-2011-5034 affects Apache Geronimo 2.2.1 and earlier, where hash values for form parameters can trigger collisions, enabling a remote attacker to cause CPU exhaustion (DoS) by sending many crafted parameters. The linked IBM/QRadar entries confirm the association of this CVE with Jetty-based co...
CVE-2006-0254
CVE-2006-0254 describes cross-site scripting in Apache Geronimo 1.0 via the time parameter to cal2.jsp and any invalid parameter, exploitable when the log file is viewed in the Web-Access-Log viewer. Related OSV/GHSA entries confirm the XSS issues and note that Geronimo 1.1 contains fixes. Remediati...
CVE-2009-0039
Apache Geronimo Application Server CSRF vulnerabilities (CVE-2009-0039) affect the web administration console in Geronimo 2.1–2.1.3. The issue allows remote attackers to hijack administrator sessions and perform actions (e.g., change password, upload apps, shutdown) via request forgery. The CVE descripti...
CVE-2013-1777
CVE-2013-1777 is a concrete issue: Apache Geronimo 3.x (notably in WebSphere Application Server Community Edition 3.0.0.3) exposes an RMI classloader misconfiguration that allows remote attackers to execute arbitrary code by sending a crafted serialized object through JMX. The root cause is imp...
CVE-2008-5518
CVE-2008-5518 corresponds to multiple directory traversal vulnerabilities in the Apache Geronimo Application Server 2.1–2.1.3 on Windows, affecting the web administration console. A remote attacker could upload files to arbitrary directories via traversal sequences in parameters for the Services/...
CVE-2009-0038
CVE-2009-0038 refers to multiple cross-site scripting (XSS) vulnerabilities in the Apache Geronimo web administration console (versions 2.1 to 2.1.3). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via parameters (name, ip, username, description) to console/port...
CVE-2008-0732
CVE-2008-0732 concerns the init script used by Apache Geronimo on SUSE Linux. The issue arises when the script follows symlinks during a chown operation, which could allow a local attacker to obtain access to unspecified files or directories. The available connected documents confirm the vulnerab...
CVE-2007-4548
CVE-2007-4548: Apache Geronimo 2.0’s LoginModule implementations do not throw FailedLoginException on failed logins, allowing remote authentication bypass and unauthorized module deployment or admin access by sending a blank username/password via the deployment module. Related advisories (e...
CVE-2007-5085
CVE-2007-5085 affects Apache Geronimo’s management EJB (MEJB) and is exploitable before version 2.0.2. The vulnerability allows remote attackers to bypass authentication and gain access to Geronimo internals via unspecified vectors. The affected component is the MEJB in Geronimo prior to 2.0.2; root caus...
CVE-2007-5797
Apache Geronimo 2.0–2.1 is affected by CVE-2007-5797 due to a SQLLoginModule/LoginModule path that does not throw an exception for a nonexistent username. This results in remote authentication bypass, permitting a login attempt with any username not in the database to succeed. The concrete descri...