Apache : Security Vulnerabilities, CVEs, Published In November 2007 (Bypass)
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
Max CVSS
7.5
EPSS Score
0.53%
Published
2007-11-03
Updated
2011-03-08
1 vulnerabilities found