Test ID:	1.3.6.1.4.1.25623.1.0.800193
Category:	Default Accounts
Title:	IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability (HTTP)
Summary:	The Apache Tomcat server in IBM Rational Quality Manager / IBM; Rational Test Lab Manager has a default password for the ADMIN account.
Description:	Summary: The Apache Tomcat server in IBM Rational Quality Manager / IBM Rational Test Lab Manager has a default password for the ADMIN account. Vulnerability Insight: The flaw exists within the installation of the bundled Tomcat server. The default ADMIN account is improperly disabled within 'tomcat-users.xml' with default password. A remote attacker can use this vulnerability to execute arbitrary code under the context of the Tomcat server. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code in the context of an affected application. Affected Software/OS: Versions prior to IBM Rational Quality Manager and IBM Test Lab Manager 7.9.0.3 build:1046. Solution: Update to version 7.9.0.3 build 1046 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4094 BugTraq ID: 44172 http://www.securityfocus.com/bid/44172 http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt http://www.zerodayinitiative.com/advisories/ZDI-10-214/ http://osvdb.org/69008 http://securitytracker.com/id?1024601 http://secunia.com/advisories/41784 http://www.vupen.com/english/advisories/2010/2732
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.