Summary
Apache Tomcat Server is running on this host and is prone to a privilege escalation vulnerability.
Impact
A successful attempt could allow remote attackers to bypass security restrictions and gain privileges.
Impact Level: Application.
Solution
Apply the patch from the link below:
http://svn.apache.org/viewvc?view=revision&revision=834047
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to the Windows installer setting a blank password by default for the administrative user, which could be exploited by attackers to gain unauthorized administrative access to a vulnerable installation.
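A defensive check for the condition described above, as an added example that is not part of the original advisory: it parses a Tomcat file-based user database (assumed here to be `conf/tomcat-users.xml`) and reports accounts that hold an administrative role with an empty or missing password. The role names treated as administrative and the sample XML are constructed assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption: role names treated as administrative; adjust to the deployment.
ADMIN_ROLES = frozenset({"admin", "manager"})

# Constructed sample input, not taken from a real installation.
SAMPLE = """<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <!-- <user username="old" password="" roles="admin"/> -->
  <user username="admin" password="" roles="admin,manager"/>
  <user username="deploy" password="constructed-example" roles="manager"/>
  <user name="viewer" password="" roles="tomcat"/>
  <user username="ops" roles="manager"/>
</tomcat-users>
"""

def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}user' down to 'user'."""
    return tag.rsplit("}", 1)[-1]

def find_blank_admin_users(xml_text, admin_roles=ADMIN_ROLES):
    """Return sorted login names that have an admin role and no password."""
    root = ET.fromstring(xml_text)
    flagged = set()
    for el in root.iter():
        if not isinstance(el.tag, str) or local_name(el.tag) != "user":
            continue
        # The login name may be stored as "username" or "name".
        name = el.get("username") or el.get("name") or "<unnamed>"
        roles = {r.strip() for r in (el.get("roles") or "").split(",")}
        password = el.get("password")
        # A missing attribute and an empty string are both treated as blank.
        if roles & admin_roles and (password is None or password == ""):
            flagged.add(name)
    return sorted(flagged)

if __name__ == "__main__":
    # Pass the path to the user database, or run without arguments
    # to check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    hits = find_blank_admin_users(text)
    for user in hits:
        print(f"blank password on administrative account: {user}")
    sys.exit(1 if hits else 0)
```

Entries that are commented out in the file are ignored, and accounts with a blank password but no administrative role are not reported.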
Affected
Apache Tomcat versions 5.5.0 to 5.5.28 and 6.0.0 through 6.0.20 on Windows.
Severity
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Classification
- CVE: CVE-2009-3548