Description
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)
WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)
WordPress Plugin PDF Embedder Security Bypass (4.4)
WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities (3.0.1)
WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)