Lucene search

Veracode Vulnerability DatabaseVERACODE:20701

HistoryJul 08, 2019 - 11:31 a.m.

Authentication Bypass

2019-07-0811:31:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

geronimo is vulnerable to authentication bypass. A remote attacker is able to bypass the login function by attempting to login using a non-existent username.

CPENameOperatorVersion
geronimo :: securityle2.0.2
geronimo framework, modules :: securityeq2.1
geronimo :: securityle2.0.2
geronimo framework, modules :: securityeq2.1

Name	Operator	Version
geronimo :: security	le	2.0.2
geronimo framework, modules :: security	eq	2.1
geronimo :: security	le	2.0.2
geronimo framework, modules :: security	eq	2.1

References

osvdb.org/38662

secunia.com/advisories/27478

secunia.com/advisories/27482

www-1.ibm.com/support/docview.wss?uid=swg21286105

www.securityfocus.com/bid/26287

www.vupen.com/english/advisories/2007/3675

www.vupen.com/english/advisories/2007/3676

issues.apache.org/jira/browse/GERONIMO-3543

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:20701