7.5
CVSSv2

CVE-2009-3548

Published: 12/11/2009 Updated: 25/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 880
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 3.0

apache tomcat 3.1

apache tomcat 3.1.1

apache tomcat 3.2

apache tomcat 3.2.1

apache tomcat 3.2.2

apache tomcat 3.2.3

apache tomcat 3.2.4

apache tomcat 3.3

apache tomcat 3.3.1

apache tomcat 3.3.1a

apache tomcat 3.3.2

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.0.6

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.4

apache tomcat 4.1.5

apache tomcat 4.1.6

apache tomcat 4.1.7

apache tomcat 4.1.8

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.11

apache tomcat 4.1.12

apache tomcat 4.1.13

apache tomcat 4.1.14

apache tomcat 4.1.15

apache tomcat 4.1.16

apache tomcat 4.1.17

apache tomcat 4.1.18

apache tomcat 4.1.19

apache tomcat 4.1.20

apache tomcat 4.1.21

apache tomcat 4.1.22

apache tomcat 4.1.23

apache tomcat 4.1.24

apache tomcat 4.1.25

apache tomcat 4.1.26

apache tomcat 4.1.27

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.30

apache tomcat 4.1.31

apache tomcat 4.1.32

apache tomcat 4.1.33

apache tomcat 4.1.34

apache tomcat 4.1.35

apache tomcat 4.1.36

apache tomcat 4.1.37

apache tomcat 4.1.38

apache tomcat 4.1.39

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.25

apache tomcat 5.5.26

apache tomcat 5.5.27

apache tomcat 5.5.28

apache tomcat 6.0

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.16

apache tomcat 6.0.17

apache tomcat 6.0.18

apache tomcat 6.0.20

Vendor Advisories

VMSA-2011-00032 VMware Security Advisory   VMware Security Advisory Advisory ID: VMSA-2011-00032 VMware Security Advisory Synopsis: Third p ...

Exploits

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache*(Coyote|Tomcat)/ ] } CSRF_VAR = 'CSRF_NONCE=' include Msf::Exploit:: ...
## # $Id: tomcat_mgr_deployrb 11330 2010-12-14 17:26:44Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cla ...

Metasploit Modules

Apache Tomcat Manager Application Deployer Authenticated Code Execution

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.

msf > use exploit/multi/http/tomcat_mgr_deploy
      msf exploit(tomcat_mgr_deploy) > show targets
            ...targets...
      msf exploit(tomcat_mgr_deploy) > set TARGET <target-id>
      msf exploit(tomcat_mgr_deploy) > show options
            ...show and set options...
      msf exploit(tomcat_mgr_deploy) > exploit
Apache Tomcat Manager Authenticated Upload Code Execution

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.

msf > use exploit/multi/http/tomcat_mgr_upload
      msf exploit(tomcat_mgr_upload) > show targets
            ...targets...
      msf exploit(tomcat_mgr_upload) > set TARGET <target-id>
      msf exploit(tomcat_mgr_upload) > show options
            ...show and set options...
      msf exploit(tomcat_mgr_upload) > exploit
Tomcat Application Manager Login Utility

This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass.

msf > use auxiliary/scanner/http/tomcat_mgr_login
      msf auxiliary(tomcat_mgr_login) > show actions
            ...actions...
      msf auxiliary(tomcat_mgr_login) > set ACTION <action-name>
      msf auxiliary(tomcat_mgr_login) > show options
            ...show and set options...
      msf auxiliary(tomcat_mgr_login) > run

References

CWE-255http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113http://marc.info/?l=bugtraq&m=127420533226623&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://markmail.org/thread/wfu4nff5chvkb6xphttp://secunia.com/advisories/40330http://secunia.com/advisories/57126http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www.securityfocus.com/archive/1/507720/100/0/threadedhttp://www.securityfocus.com/archive/1/516397/100/0/threadedhttp://www.securityfocus.com/bid/36954http://www.securitytracker.com/id?1023146http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlhttp://www.vupen.com/english/advisories/2009/3185http://www.vupen.com/english/advisories/2010/1559https://exchange.xforce.ibmcloud.com/vulnerabilities/54182https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033https://www.securityfocus.com/bid/36954https://nvd.nist.govhttps://www.exploit-db.com/exploits/31433/https://www.rapid7.com/db/modules/exploit/multi/http/tomcat_mgr_deployhttps://www.vmware.com/security/advisories/VMSA-2011-00031.html