Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
BID:26287
Info
Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| Bugtraq ID: | 26287 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5797 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 21 2007 12:00AM |
| Updated: | Nov 15 2007 12:40AM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
IBM WebSphere Application Server Community Edition 2.0 Apache Geronimo 2.0.2 Apache Geronimo 2.0.1 Apache Geronimo 2.1 Apache Geronimo 2.0 |
| Not Vulnerable: | |
Discussion
Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
Apache Geronimo is prone to an authentication-bypass vulnerability that occurs in SQLLoginModule.
An attacker can exploit this vulnerability to access the affected application; other attacks are also possible.
This issue affects Apache Geronimo 2.1, 2.0, 2.0.1, 2.0.2.
IBM WebSphere Application Server Community Edition 2.0.0.0 is vulnerable as well because it uses the affected component.
Apache Geronimo is prone to an authentication-bypass vulnerability that occurs in SQLLoginModule.
An attacker can exploit this vulnerability to access the affected application; other attacks are also possible.
This issue affects Apache Geronimo 2.1, 2.0, 2.0.1, 2.0.2.
IBM WebSphere Application Server Community Edition 2.0.0.0 is vulnerable as well because it uses the affected component.
Exploit / POC
Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
Attackers may exploit this issue using mechanisms provided by the application.
Attackers may exploit this issue using mechanisms provided by the application.
Solution / Fix
Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
Solution:
The vendor released a patch to address this issue. Please see the references for more information.
Apache Geronimo 2.0
Apache Geronimo 2.1
Apache Geronimo 2.0.1
Apache Geronimo 2.0.2
Solution:
The vendor released a patch to address this issue. Please see the references for more information.
Apache Geronimo 2.0
-
Apache GERONIMO-3543.patch
https://issues.apache.org/jira/secure/attachment/12368114/GERONIMO-354 3.patch
Apache Geronimo 2.1
-
Apache GERONIMO-3543.patch
https://issues.apache.org/jira/secure/attachment/12368114/GERONIMO-354 3.patch
Apache Geronimo 2.0.1
-
Apache GERONIMO-3543.patch
https://issues.apache.org/jira/secure/attachment/12368114/GERONIMO-354 3.patch
Apache Geronimo 2.0.2
-
Apache GERONIMO-3543.patch
https://issues.apache.org/jira/secure/attachment/12368114/GERONIMO-354 3.patch
References
Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
References:
References: