7.5

CVE-2007-5797

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheGeronimo Version2.0
ApacheGeronimo Version2.0.1
ApacheGeronimo Version2.0.2
ApacheGeronimo Version2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.15% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://osvdb.org/38662
http://secunia.com/advisories/27478
http://secunia.com/advisories/27482
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21286105
http://www.securityfocus.com/bid/26287
http://www.vupen.com/english/advisories/2007/3675
http://www.vupen.com/english/advisories/2007/3676
https://issues.apache.org/jira/browse/GERONIMO-3543