Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Software Foundation Geronimo 授权问题漏洞
Vulnerability Description
Apache Geronimo 2.0版本的Login 模数执行程序中的login方法没有向失败的登录抛出FailedLoginException,这会允许远程攻击者通过向deployment模数中的命令行配置发送一个空白文件名和密码,以绕过权限邀请,配置任意模数,并获得管理访问权。
CVSS Information
N/A
Vulnerability Type
N/A