Apache Geronimo is vulnerable to an authentication bypass caused by improper exception handling for failed logins. By submitting a blank username and password with the command line deployer in the deployment module, a remote attacker can bypass authentication requirements, deploy arbitrary modules, and gain administrative access.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | geronimo applications, console :: core | le | 2.0.2 |
geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html
geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html
www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html
issues.apache.org/jira/browse/GERONIMO-1201
issues.apache.org/jira/browse/GERONIMO-3404