CVE-2007-4548

Severity: critical
CVSS v3 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EPSS Score: 1.7% (exploitation probability in 30 days; top 18% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Confidentiality: C
Integrity: C
Availability: C

Published: August 27, 2007 (6834 days ago)
Last Modified: April 23, 2026
Vendor: Apache
Source: NVD

Description

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

CWE

CWE-287

Affected Products

apache geronimo

References