CVE-2009-3548

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.5 | VMScore: 850 | EPSS: 0.88795 | KEV: Not Included
Published: 12/11/2009 Updated: 09/04/2025

Vulnerability Summary

The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.

Vulnerable Products

apache tomcat 3.0

apache tomcat 3.1

apache tomcat 3.1.1

apache tomcat 3.2

apache tomcat 3.2.1

apache tomcat 3.2.2

apache tomcat 3.2.3

apache tomcat 3.2.4

apache tomcat 3.3

apache tomcat 3.3.1

apache tomcat 3.3.1a

apache tomcat 3.3.2

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.0.6

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.4

apache tomcat 4.1.5

apache tomcat 4.1.6

apache tomcat 4.1.7

apache tomcat 4.1.8

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.11

apache tomcat 4.1.12

apache tomcat 4.1.13

apache tomcat 4.1.14

apache tomcat 4.1.15

apache tomcat 4.1.16

apache tomcat 4.1.17

apache tomcat 4.1.18

apache tomcat 4.1.19

apache tomcat 4.1.20

apache tomcat 4.1.21

apache tomcat 4.1.22

apache tomcat 4.1.23

apache tomcat 4.1.24

apache tomcat 4.1.25

apache tomcat 4.1.26

apache tomcat 4.1.27

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.30

apache tomcat 4.1.31

apache tomcat 4.1.32

apache tomcat 4.1.33

apache tomcat 4.1.34

apache tomcat 4.1.35

apache tomcat 4.1.36

apache tomcat 4.1.37

apache tomcat 4.1.38

apache tomcat 4.1.39

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.25

apache tomcat 5.5.26

apache tomcat 5.5.27

apache tomcat 5.5.28

apache tomcat 6.0

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.16

apache tomcat 6.0.17

apache tomcat 6.0.18

apache tomcat 6.0.20

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }

  CSRF_VAR = 'CSRF_NONCE='

  include Msf::Exploit:: ...

##
# $Id: tomcat_mgr_deploy.rb 11330 2010-12-14 17:26:44Z egypt $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

cla ...

Github Repositories

This repository contains the essential resources for generating the two attack scenarios in an OT/ICS network.

OT/ICS attacks - Simulation of an operational disruption in an OT/ICS network. The setup involves configuring a network with a vulnerable web application, OpenPLC, SCADA, and Tomcat services. The scenario includes two key vulnerabilities: CVE-2021-44228 (Log4Shell) and CVE-2009-3548 (weak credentials in Apache Tomcat). These vulnerabilities allow attackers to gain remote code ex


References

CWE-255
https://nvd.nist.gov
https://www.exploit-db.com/exploits/31433/
https://github.com/Montimage/OT-ICS-attacks
https://www.first.org/epss
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://markmail.org/thread/wfu4nff5chvkb6xp
http://secunia.com/advisories/40330
http://secunia.com/advisories/57126
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/507720/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/36954
http://www.securitytracker.com/id?1023146
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2009/3185
http://www.vupen.com/english/advisories/2010/1559
https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033