Description
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Remediation
References
Related Vulnerabilities
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-11127)
MediaWiki CVE-2022-28209 Vulnerability (CVE-2022-28209)
Oracle JRE CVE-2022-21293 Vulnerability (CVE-2022-21293)
Python Uncontrolled Resource Consumption Vulnerability (CVE-2019-9674)
Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867)