Lucene search

Veracode Vulnerability DatabaseVERACODE:13508

HistoryMar 25, 2019 - 8:40 a.m.

Authentication Bypass

2019-03-2508:40:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and password with the command line deployer in the deployment module.

CPENameOperatorVersion
geronimo applications, console :: corele2.0.2

CPE	Name	Operator	Version
	geronimo applications, console :: core	le	2.0.2

References

geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html

geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html

www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html

issues.apache.org/jira/browse/GERONIMO-1201

issues.apache.org/jira/browse/GERONIMO-3404

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:13508