geronimo-tomcat6-jee5-2.2-1.AXS3

エラータID: AXSA:2010-309:01

Release date: 
Friday, June 4, 2010 - 16:25
Subject: 
geronimo-tomcat6-jee5-2.2-1.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The goal of the Geronimo project is to produce a server runtime framework that pulls together the best Open Source alternatives to create runtimes that meet the needs of developers and system administrators.
Security issues fixed with this release:
CVE-2007-4548:
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
CVE-2007-5085:
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimobefore 2.0.2 allows remote attackers to bypass authentication and obtainaccess to Geronimo internals via unspecified vectors.
CVE-2007-5797:
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

Solution: 

Update packages.

CVEs: 
CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
CVE-2007-5085
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.




Additional Info: 

N/A

Download: 

SRPMS
  1. geronimo-tomcat6-jee5-2.2-1.AXS3.src.rpm
    MD5: 50d9faf677c4b4d7e8d829adb49ea446
    SHA-256: d353d92dc73345f156e30a47c111a26355544ffda557c437c335025ba79ab442
    Size: 88.35 MB

Asianux Server 3 for x86
  1. geronimo-tomcat6-jee5-2.2-1.AXS3.noarch.rpm
    MD5: 468173f5b61e1a10783e15d92d1cde89
    SHA-256: 3c4b990c0c9fcc1b1c107719dac508745690a86ee0d80ead922dfd6a6bb15cb6
    Size: 88.94 MB

Asianux Server 3 for x86_64
  1. geronimo-tomcat6-jee5-2.2-1.AXS3.noarch.rpm
    MD5: a8e208fc6599dabbf8eda1fdc3a734e6
    SHA-256: 2bb54ab3dd0825c32792353e757eba7a5f4cbf832960ecc8976b6b2008754c19
    Size: 88.94 MB