Executive Summary

Information
Name: CVE-2009-3548
First vendor publication: 2009-11-12
Vendor: Cve
Last vendor modification: 2023-11-07

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
Attack range: Network
CVSS impact score: 6.4
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19414
 
Oval ID: oval:org.mitre.oval:def:19414
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20415
 
Oval ID: oval:org.mitre.oval:def:20415
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7033
 
Oval ID: oval:org.mitre.oval:def:7033
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 142

SAINT Exploits

Description
HP Performance Manager Apache Tomcat Policy Bypass

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2010-06-23 Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
2009-11-17 Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60176 Apache Tomcat Windows Installer Admin Default Password

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date Description
2014-01-10 HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Revision : 8 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2008-11-26 Name : The management console for the remote web server is protected using a known s...
File : tomcat_manager_common_creds.nasl - Type : ACT_ATTACK

Sources (Detail)

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efb...
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c8...
https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fd...
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471...
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca45...
Source Url
BID http://www.securityfocus.com/bid/36954
BUGTRAQ http://www.securityfocus.com/archive/1/507720/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
CONFIRM http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
MISC http://markmail.org/thread/wfu4nff5chvkb6xp
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1023146
SECUNIA http://secunia.com/advisories/40330
http://secunia.com/advisories/57126
VUPEN http://www.vupen.com/english/advisories/2009/3185
http://www.vupen.com/english/advisories/2010/1559
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/54182

Alert History

Date Information
2023-11-07 21:47:39
  • Multiple Updates
2021-05-04 12:10:17
  • Multiple Updates
2021-04-22 01:10:42
  • Multiple Updates
2020-05-23 13:16:53
  • Multiple Updates
2020-05-23 00:24:24
  • Multiple Updates
2019-03-25 17:18:57
  • Multiple Updates
2019-03-21 21:19:09
  • Multiple Updates
2018-10-11 00:19:42
  • Multiple Updates
2017-09-19 09:23:26
  • Multiple Updates
2017-08-17 09:22:43
  • Multiple Updates
2016-08-23 09:24:34
  • Multiple Updates
2016-04-26 19:10:51
  • Multiple Updates
2016-03-07 17:24:18
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2016-03-04 21:24:38
  • Multiple Updates
2016-03-04 17:23:11
  • Multiple Updates
2014-03-18 13:21:54
  • Multiple Updates
2014-03-08 13:21:33
  • Multiple Updates
2014-02-17 10:51:52
  • Multiple Updates
2014-02-10 21:21:05
  • Multiple Updates
2014-01-19 21:26:13
  • Multiple Updates
2013-12-05 17:19:04
  • Multiple Updates
2013-11-11 12:38:25
  • Multiple Updates
2013-06-05 13:19:28
  • Multiple Updates
2013-05-10 23:58:42
  • Multiple Updates