8 matches found
HP Performance Manager Apache Tomcat Policy Bypass
Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...
HP Performance Manager Apache Tomcat Policy Bypass
Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...
Default credentials
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548...
CVE-2010-4094
Technical details for CVE-2010-4094 are not publicly provided in the supplied documents; monitor for updates.
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02181353 Version: 1 HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting XSS, Denial of Service DoS NOTICE: The information in this Security...
Fixed in Apache Tomcat 5.5.29
Low: Arbitrary file deletion and/or alteration on deploy CVE-2009-2693 When deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as ../../bin/catalina.sh in the...
CVE-2009-3548
CVE-2009-3548 affects the Windows installer for Apache Tomcat (versions 6.0.0–6.0.20 and 5.5.0–5.5.28, possibly earlier). The underlying issue is a blank default password for the administrative user, which can be exploited remotely to gain administrative privileges. The linked connected documents...
Apache Tomcat Windows安装程序默认空口令漏洞
BUGTRAQ ID: 36954 CVE ID: CVE-2009-3548 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Windows安装程序默认对管理用户设置了空口令。如果在安装过程中没有更改这个口令,就会使用空口令创建各种管理用户。 Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...