{"api_version":"1","generated_at":"2026-04-22T23:20:11+00:00","cve":"CVE-2007-4548","urls":{"html":"https://cve.report/CVE-2007-4548","api":"https://cve.report/api/cve/CVE-2007-4548.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-4548","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-4548"},"summary":{"title":"CVE-2007-4548","description":"The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-08-27 23:17:00","updated_at":"2008-09-05 21:28:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html","name":"http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html","refsource":"CONFIRM","tags":[],"title":"Apache Geronimo v2.0 - Release delayed due to security issue : Apache Geronimo","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.apache.org/jira/browse/GERONIMO-3404","name":"https://issues.apache.org/jira/browse/GERONIMO-3404","refsource":"CONFIRM","tags":["Patch"],"title":"[GERONIMO-3404] Using a Null Username allows access to a running 2.0 server - ASF JIRA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.apache.org/jira/browse/GERONIMO-1201","name":"https://issues.apache.org/jira/browse/GERONIMO-1201","refsource":"MISC","tags":[],"title":"[GERONIMO-1201] All our login modules implement login() incorrectly - ASF JIRA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html","name":"http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html","refsource":"MISC","tags":[],"title":"Apache Geronimo 2.0.1 - Released : Apache Geronimo","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html","name":"[dev] 20070813 Geronimo 2.0 Release suspended due to security issue found before release","refsource":"MLIST","tags":[],"title":"Nabble - Apache Geronimo - Dev - Geronimo 2.0 Release suspended due to security issue found before release","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-4548","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4548","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"4548","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"geronimo","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4548","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"geronimo","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-4548","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://issues.apache.org/jira/browse/GERONIMO-3404","refsource":"CONFIRM","url":"https://issues.apache.org/jira/browse/GERONIMO-3404"},{"name":"http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html","refsource":"CONFIRM","url":"http://geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html"},{"name":"http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html","refsource":"MISC","url":"http://geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html"},{"name":"[dev] 20070813 Geronimo 2.0 Release suspended due to security issue found before release","refsource":"MLIST","url":"http://www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html"},{"name":"https://issues.apache.org/jira/browse/GERONIMO-1201","refsource":"MISC","url":"https://issues.apache.org/jira/browse/GERONIMO-1201"}]}},"nvd":{"publishedDate":"2007-08-27 23:17:00","lastModifiedDate":"2008-09-05 21:28:00","problem_types":["CWE-287"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:geronimo:2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"4548","Ordinal":"27220","Title":"CVE-2007-4548","CVE":"CVE-2007-4548","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"4548","Ordinal":"1","NoteData":"The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"4548","Ordinal":"2","NoteData":"2007-08-27","Type":"Other","Title":"Published"}]}}}