ID de Prueba:	1.3.6.1.4.1.25623.1.0.901050
Categoría:	Web Servers
Título:	Apache Tomcat Windows Installer Privilege Escalation Vulnerability
Resumen:	Apache Tomcat Server is prone to a privilege escalation vulnerability.
Descripción:	Summary: Apache Tomcat Server is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw is due to the windows installer setting a blank password by default for the administrative user, which could be exploited by attackers to gain unauthorized administrative access to a vulnerable installation. Vulnerability Impact: Successful attempt could lead remote attackers to bypass security restrictions and gain the privileges. Affected Software/OS: Apache Tomcat version 5.5.0 to 5.5.28 and 6.0.0 through 6.0.20 on Windows. Solution: Update to version 5.5.29, 6.0.21 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3548 BugTraq ID: 36954 http://www.securityfocus.com/bid/36954 Bugtraq: 20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password (Google Search) http://www.securityfocus.com/archive/1/507720/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded HPdes Security Advisory: HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPdes Security Advisory: HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02541 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100029 HPdes Security Advisory: SSRT100145 HPdes Security Advisory: SSRT100825 HPdes Security Advisory: SSRT101146 http://markmail.org/thread/wfu4nff5chvkb6xp https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033 http://www.securitytracker.com/id?1023146 http://secunia.com/advisories/40330 http://secunia.com/advisories/57126 http://www.vupen.com/english/advisories/2009/3185 http://www.vupen.com/english/advisories/2010/1559 XForce ISS Database: tomcat-admin-default-password(54182) https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.