Summary
The host is running Tomcat server in IBM Rational Quality Manager/ IBM Rational Test Lab Manager has a default password for the ADMIN account.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of an affected application.
Impact Level: Application.
Solution
Upgrade to version 7.9.0.3 build 1046 or higher
For updates refer to https://www.ibm.com/developerworks/rational/products/testmanager
Insight
The flaw exists within the installation of the bundled Tomcat server.
The default ADMIN account is improperly disabled within 'tomcat-users.xml' with default password. A remote attacker can use this vulnerability to execute arbitrary code under the context of the Tomcat server.
Affected
Versions prior to IBM Rational Quality Manager and IBM Test Lab Manager 7.9.0.3 build:1046
References
Severity
Classification
-
CVE CVE-2010-4094 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
- bozotic HTTP server Denial of Service Vulnerability
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache Tomcat Multiple Vulnerabilities January 2010
- bozotic HTTP server Information Disclosure Vulnerability