National Cyber Awareness System

Vulnerability Summary for CVE-2009-3548

Overview

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://tomcat.apache.org/security-6.html

Type: Advisory; Patch Information

Hyperlink:http://tomcat.apache.org/security-6.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-5.html

Type: Advisory; Patch Information

Hyperlink:http://tomcat.apache.org/security-5.html

External Source: XF

Name: tomcat-admin-default-password(54182)

Hyperlink:http://xforce.iss.net/xforce/xfdb/54182

External Source: VUPEN

Name: ADV-2010-1559

Hyperlink:http://www.vupen.com/english/advisories/2010/1559

External Source: VUPEN

Name: ADV-2009-3185

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/3185

External Source: CONFIRM

Name: http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Hyperlink:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0003.html

External Source: SECTRACK

Name: 1023146

Hyperlink:http://www.securitytracker.com/id?1023146

External Source: BID

Name: 36954

Hyperlink:http://www.securityfocus.com/bid/36954

External Source: BUGTRAQ

Name: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded

External Source: BUGTRAQ

Name: 20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/507720/100/0/threaded

External Source: SECUNIA

Name: 40330

Hyperlink:http://secunia.com/advisories/40330

External Source: OVAL

Name: oval:org.mitre.oval:def:7033

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7033

External Source: MISC

Name: http://markmail.org/thread/wfu4nff5chvkb6xp

Hyperlink:http://markmail.org/thread/wfu4nff5chvkb6xp

External Source: HP

Name: SSRT100145

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113

External Source: HP

Name: SSRT100145

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113

References to Check Content

Identifier:oval:org.mitre.oval:def:7033

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7033