Default Accounts : Apache Tomcat Server Administration Default/Hardcoded Credentials (HTTP)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.111013

Categoría: Default Accounts

Título: Apache Tomcat Server Administration Default/Hardcoded Credentials (HTTP)

Resumen: The Apache Tomcat Server Administration is using default or known; hardcoded credentials.

Descripción: Summary:
The Apache Tomcat Server Administration is using default or known
hardcoded credentials.

Vulnerability Impact:
This issue may be exploited by a remote attacker to gain
access to sensitive information.

Solution:
Change the password to a strong one or remove the user from tomcat-users.xml.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4094
BugTraq ID: 44172
http://www.securityfocus.com/bid/44172
http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt
http://www.zerodayinitiative.com/advisories/ZDI-10-214/
http://osvdb.org/69008
http://securitytracker.com/id?1024601
http://secunia.com/advisories/41784
http://www.vupen.com/english/advisories/2010/2732
Common Vulnerability Exposure (CVE) ID: CVE-2009-3548
BugTraq ID: 36954
http://www.securityfocus.com/bid/36954
Bugtraq: 20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password (Google Search)
http://www.securityfocus.com/archive/1/507720/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
HPdes Security Advisory: HPSBMA02535
http://marc.info/?l=bugtraq&m=127420533226623&w=2
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02541
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100029
HPdes Security Advisory: SSRT100145
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
http://markmail.org/thread/wfu4nff5chvkb6xp
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033
http://www.securitytracker.com/id?1023146
http://secunia.com/advisories/40330
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2009/3185
http://www.vupen.com/english/advisories/2010/1559
XForce ISS Database: tomcat-admin-default-password(54182)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
Common Vulnerability Exposure (CVE) ID: CVE-2009-4189
http://www.intevydis.com/blog/?p=87
Common Vulnerability Exposure (CVE) ID: CVE-2009-3099
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/36541
Common Vulnerability Exposure (CVE) ID: CVE-2009-3843
HPdes Security Advisory: HPSBMA02478
http://marc.info/?l=bugtraq&m=125873415424980&w=2
HPdes Security Advisory: SSRT090251
http://www.zerodayinitiative.com/advisories/ZDI-09-085/
http://www.osvdb.org/60317
http://securitytracker.com/id?1023222
http://secunia.com/advisories/37444
XForce ISS Database: operations-manager-unspecified-sec-bypass(54361)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54361
Common Vulnerability Exposure (CVE) ID: CVE-2009-4188
BugTraq ID: 36258
http://www.securityfocus.com/bid/36258
Common Vulnerability Exposure (CVE) ID: CVE-2010-0557
BugTraq ID: 38084
http://www.securityfocus.com/bid/38084
http://www.osvdb.org/62118
http://secunia.com/advisories/38457
http://www.vupen.com/english/advisories/2010/0297

Copyright Copyright (C) 2015 SCHUTZWERK GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.111013
Categoría:	Default Accounts
Título:	Apache Tomcat Server Administration Default/Hardcoded Credentials (HTTP)
Resumen:	The Apache Tomcat Server Administration is using default or known; hardcoded credentials.
Descripción:	Summary: The Apache Tomcat Server Administration is using default or known hardcoded credentials. Vulnerability Impact: This issue may be exploited by a remote attacker to gain access to sensitive information. Solution: Change the password to a strong one or remove the user from tomcat-users.xml. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4094 BugTraq ID: 44172 http://www.securityfocus.com/bid/44172 http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt http://www.zerodayinitiative.com/advisories/ZDI-10-214/ http://osvdb.org/69008 http://securitytracker.com/id?1024601 http://secunia.com/advisories/41784 http://www.vupen.com/english/advisories/2010/2732 Common Vulnerability Exposure (CVE) ID: CVE-2009-3548 BugTraq ID: 36954 http://www.securityfocus.com/bid/36954 Bugtraq: 20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password (Google Search) http://www.securityfocus.com/archive/1/507720/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded HPdes Security Advisory: HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPdes Security Advisory: HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02541 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100029 HPdes Security Advisory: SSRT100145 HPdes Security Advisory: SSRT100825 HPdes Security Advisory: SSRT101146 http://markmail.org/thread/wfu4nff5chvkb6xp https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033 http://www.securitytracker.com/id?1023146 http://secunia.com/advisories/40330 http://secunia.com/advisories/57126 http://www.vupen.com/english/advisories/2009/3185 http://www.vupen.com/english/advisories/2010/1559 XForce ISS Database: tomcat-admin-default-password(54182) https://exchange.xforce.ibmcloud.com/vulnerabilities/54182 Common Vulnerability Exposure (CVE) ID: CVE-2009-4189 http://www.intevydis.com/blog/?p=87 Common Vulnerability Exposure (CVE) ID: CVE-2009-3099 http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36541 Common Vulnerability Exposure (CVE) ID: CVE-2009-3843 HPdes Security Advisory: HPSBMA02478 http://marc.info/?l=bugtraq&m=125873415424980&w=2 HPdes Security Advisory: SSRT090251 http://www.zerodayinitiative.com/advisories/ZDI-09-085/ http://www.osvdb.org/60317 http://securitytracker.com/id?1023222 http://secunia.com/advisories/37444 XForce ISS Database: operations-manager-unspecified-sec-bypass(54361) https://exchange.xforce.ibmcloud.com/vulnerabilities/54361 Common Vulnerability Exposure (CVE) ID: CVE-2009-4188 BugTraq ID: 36258 http://www.securityfocus.com/bid/36258 Common Vulnerability Exposure (CVE) ID: CVE-2010-0557 BugTraq ID: 38084 http://www.securityfocus.com/bid/38084 http://www.osvdb.org/62118 http://secunia.com/advisories/38457 http://www.vupen.com/english/advisories/2010/0297
Copyright	Copyright (C) 2015 SCHUTZWERK GmbH