
Test ID: 1.3.6.1.4.1.25623.1.0.901050
Category: Web Servers
Title: Apache Tomcat Windows Installer Privilege Escalation Vulnerability
Summary: Apache Tomcat Server is prone to a privilege escalation vulnerability.
Description:
Summary:
Apache Tomcat Server is prone to a privilege escalation vulnerability.

Vulnerability Insight:
The flaw is due to the Windows installer setting a blank password by default
for the administrative user, which attackers could exploit to gain
unauthorized administrative access to a vulnerable installation.

Vulnerability Impact:
Successful exploitation could allow remote attackers to bypass security
restrictions and gain administrative privileges.

Affected Software/OS:
Apache Tomcat versions 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 on Windows.

Solution:
Update to version 5.5.29, 6.0.21 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerabilities and Exposures (CVE) ID: CVE-2009-3548
BugTraq ID: 36954
http://www.securityfocus.com/bid/36954
Bugtraq: 20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password
http://www.securityfocus.com/archive/1/507720/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
HP Security Advisory: HPSBMA02535
http://marc.info/?l=bugtraq&m=127420533226623&w=2
HP Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HP Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HP Security Advisory: HPSBUX02541
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
HP Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HP Security Advisory: SSRT100029
HP Security Advisory: SSRT100145
HP Security Advisory: SSRT100825
HP Security Advisory: SSRT101146
http://markmail.org/thread/wfu4nff5chvkb6xp
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033
http://www.securitytracker.com/id?1023146
http://secunia.com/advisories/40330
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2009/3185
http://www.vupen.com/english/advisories/2010/1559
XForce ISS Database: tomcat-admin-default-password(54182)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
Copyright: Copyright (C) 2009 Greenbone AG
