Description

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Remediation

References

CVE-2009-3548

Related Vulnerabilities

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) Security Bypass (6.3.2)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-8005)

WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)

Severity

High

Classification

CVE-2009-3548

Tags

Missing Update Known Vulnerabilities