Lucene search
RootSSV:12601HistoryNov 10, 2009 - 12:00 a.m.
Apache Tomcat Windows安装程序默认空口令漏洞
2009-11-1000:00:00
Root
www.seebug.org
74
0.171 Low
EPSS
Percentile
95.5%
BUGTRAQ ID: 36954
CVE ID: CVE-2009-3548
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
Windows安装程序默认对管理用户设置了空口令。如果在安装过程中没有更改这个口令,就会使用空口令创建各种管理用户。
Tomcat 5.5.0 to 5.5.28
Tomcat 6.0.0 to 6.0.20
厂商补丁:
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://svn.apache.org/viewvc?view=revision&revision=834047
Related
securityvulns
securityvulns
Apache Tomcat for Windows backdoor account
2009-11-09 00:00:00
openvas
openvas
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
2009-11-17 00:00:00
HP-UX Update for Tomcat Servlet Engine HPSBUX02541
2010-06-23 00:00:00
HP-UX Update for Tomcat Servlet Engine HPSBUX02541
2010-06-23 00:00:00
saint
saint
HP Performance Manager Apache Tomcat Policy Bypass
2010-11-05 00:00:00
HP Performance Manager Apache Tomcat Policy Bypass
2010-11-05 00:00:00
HP Performance Manager Apache Tomcat Policy Bypass
2010-11-05 00:00:00
veracode
veracode
Insecure Authentication
2019-03-25 08:40:42
prion
prion
Default credentials
2009-11-12 23:30:00
Default credentials
2010-10-26 18:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2009-3548
2009-11-12 23:30:00
CVE-2010-4094
2010-10-26 18:00:00
nessus
nessus
tomcat
tomcat
Fixed in Apache Tomcat 5.5.29
2010-04-20 00:00:00
Fixed in Apache Tomcat 6.0.24
2010-01-21 00:00:00
zdt
zdt
Apache Tomcat Manager Code Execution Exploit
2014-02-04 00:00:00
packetstorm
packetstorm
Apache Tomcat Manager Code Execution
2014-02-01 00:00:00
ibm
ibm