Unrated severity · NVD Advisory · Published Aug 27, 2007 · Updated Apr 23, 2026
CVE-2007-4548
Description
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- issues.apache.org/jira/browse/GERONIMO-3404 (nvd, Patch)
- geronimo.apache.org/2007/08/13/apache-geronimo-v20-release-delayed-due-to-security-issue.html (nvd)
- geronimo.apache.org/2007/08/21/apache-geronimo-201-released.html (nvd)
- www.nabble.com/Geronimo-2.0-Release-suspended-due-to-security-issue-found-before-release-t4263667s134.html (nvd)
- issues.apache.org/jira/browse/GERONIMO-1201 (nvd)