CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5797

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://osvdb.org/38662
http://secunia.com/advisories/27478
http://secunia.com/advisories/27482
http://www-1.ibm.com/support/docview.wss?uid=swg21286105
http://www.securityfocus.com/bid/26287
http://www.vupen.com/english/advisories/2007/3675
http://www.vupen.com/english/advisories/2007/3676
https://issues.apache.org/jira/browse/GERONIMO-3543
http://osvdb.org/38662
http://secunia.com/advisories/27478
http://secunia.com/advisories/27482
http://www-1.ibm.com/support/docview.wss?uid=swg21286105
http://www.securityfocus.com/bid/26287
http://www.vupen.com/english/advisories/2007/3675
http://www.vupen.com/english/advisories/2007/3676
https://issues.apache.org/jira/browse/GERONIMO-3543

Products affected by CVE-2007-5797

Apache » Geronimo » Version: 2.0

cpe:2.3:a:apache:geronimo:2.0
Apache » Geronimo » Version: 2.0.1

cpe:2.3:a:apache:geronimo:2.0.1
Apache » Geronimo » Version: 2.0.2

cpe:2.3:a:apache:geronimo:2.0.2
Apache » Geronimo » Version: 2.1

cpe:2.3:a:apache:geronimo:2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5797

Products

Pricing

Contact Us