Apache Tomcat Default Accounts Network Vulnerability

Summary

This host appears to be the running the Apache Tomcat Servlet engine with the default accounts still configured. A potential intruder could reconfigure this service in a way that grants system access.

Solution

Change the default passwords by editing the admin-users.xml file located in the /conf/users subdirectory of the Tomcat installation.

Severity

Classification

CVE CVE-1999-0508

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari libxml Denial of Service Vulnerability
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
Asterisk SIP REGISTER Response Username Enumeration Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)

Take action and discover your vulnerabilities