Apache : Security Vulnerabilities, CVEs, Published In 2007 (Gain Privilege) CVSS score >= 2
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
Max CVSS
7.5
EPSS Score
0.53%
Published
2007-11-03
Updated
2011-03-08
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.35%
Published
2007-09-26
Updated
2008-11-15
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Max CVSS
10.0
EPSS Score
0.55%
Published
2007-08-27
Updated
2008-09-05
3 vulnerabilities found