Sid 1-17156
Message
SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt
Summary
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Impact
CVSS base score 7.5
CVSS impact score 6.4
CVSS exploitability score 10.0
confidentialityImpact PARTIAL
integrityImpact PARTIAL
availabilityImpact PARTIAL
CVE-2009-3548:
CVSS base score 7.5
CVSS impact score 6.4
CVSS exploitability score 10.0
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
CVE-2009-3843:
CVSS base score 10.0
CVSS impact score 10.0
CVSS exploitability score 10.0
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Detailed information
CVE-2009-3548: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CVE-2009-3843: HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
Affected systems
- apache tomcat 3.0
- apache tomcat 3.1
- apache tomcat 3.1.1
- apache tomcat 3.2
- apache tomcat 3.2.1
- apache tomcat 3.2.2
- apache tomcat 3.2.3
- apache tomcat 3.2.4
- apache tomcat 3.3
- apache tomcat 3.3.1
- apache tomcat 3.3.1a
- apache tomcat 3.3.2
- apache tomcat 4.0.0
- apache tomcat 4.0.1
- apache tomcat 4.0.2
- apache tomcat 4.0.3
- apache tomcat 4.0.4
- apache tomcat 4.0.5
- apache tomcat 4.0.6
- apache tomcat 4.1.0
- apache tomcat 4.1.1
- apache tomcat 4.1.2
- apache tomcat 4.1.3
- apache tomcat 4.1.4
- apache tomcat 4.1.5
- apache tomcat 4.1.6
- apache tomcat 4.1.7
- apache tomcat 4.1.8
- apache tomcat 4.1.9
- apache tomcat 4.1.10
- apache tomcat 4.1.11
- apache tomcat 4.1.12
- apache tomcat 4.1.13
- apache tomcat 4.1.14
- apache tomcat 4.1.15
- apache tomcat 4.1.16
- apache tomcat 4.1.17
- apache tomcat 4.1.18
- apache tomcat 4.1.19
- apache tomcat 4.1.20
- apache tomcat 4.1.21
- apache tomcat 4.1.22
- apache tomcat 4.1.23
- apache tomcat 4.1.24
- apache tomcat 4.1.25
- apache tomcat 4.1.26
- apache tomcat 4.1.27
- apache tomcat 4.1.28
- apache tomcat 4.1.29
- apache tomcat 4.1.30
- apache tomcat 4.1.31
- apache tomcat 4.1.32
- apache tomcat 4.1.33
- apache tomcat 4.1.34
- apache tomcat 4.1.35
- apache tomcat 4.1.36
- apache tomcat 4.1.37
- apache tomcat 4.1.38
- apache tomcat 4.1.39
- apache tomcat 5.0.0
- apache tomcat 5.0.1
- apache tomcat 5.0.2
- apache tomcat 5.0.3
- apache tomcat 5.0.4
- apache tomcat 5.0.5
- apache tomcat 5.0.6
- apache tomcat 5.0.7
- apache tomcat 5.0.8
- apache tomcat 5.0.9
- apache tomcat 5.0.10
- apache tomcat 5.0.11
- apache tomcat 5.0.12
- apache tomcat 5.0.13
- apache tomcat 5.0.14
- apache tomcat 5.0.15
- apache tomcat 5.0.16
- apache tomcat 5.0.17
- apache tomcat 5.0.18
- apache tomcat 5.0.19
- apache tomcat 5.0.21
- apache tomcat 5.0.22
- apache tomcat 5.0.23
- apache tomcat 5.0.24
- apache tomcat 5.0.25
- apache tomcat 5.0.26
- apache tomcat 5.0.27
- apache tomcat 5.0.28
- apache tomcat 5.0.29
- apache tomcat 5.0.30
- apache tomcat 5.5.0
- apache tomcat 5.5.1
- apache tomcat 5.5.2
- apache tomcat 5.5.3
- apache tomcat 5.5.4
- apache tomcat 5.5.5
- apache tomcat 5.5.6
- apache tomcat 5.5.7
- apache tomcat 5.5.8
- apache tomcat 5.5.9
- apache tomcat 5.5.10
- apache tomcat 5.5.11
- apache tomcat 5.5.12
- apache tomcat 5.5.13
- apache tomcat 5.5.14
- apache tomcat 5.5.15
- apache tomcat 5.5.16
- apache tomcat 5.5.17
- apache tomcat 5.5.18
- apache tomcat 5.5.19
- apache tomcat 5.5.20
- apache tomcat 5.5.21
- apache tomcat 5.5.22
- apache tomcat 5.5.23
- apache tomcat 5.5.24
- apache tomcat 5.5.25
- apache tomcat 5.5.26
- apache tomcat 5.5.27
- apache tomcat 5.5.28
- apache tomcat 6.0
- apache tomcat 6.0.0
- apache tomcat 6.0.1
- apache tomcat 6.0.2
- apache tomcat 6.0.3
- apache tomcat 6.0.4
- apache tomcat 6.0.5
- apache tomcat 6.0.6
- apache tomcat 6.0.7
- apache tomcat 6.0.8
- apache tomcat 6.0.9
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache tomcat 6.0.16
- apache tomcat 6.0.17
- apache tomcat 6.0.18
- apache tomcat 6.0.20
- hp operations_manager 8.10
Ease of attack
CVE-2009-3548:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
CVE-2009-3843:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
False positives
None known
False negatives
None known
Corrective action
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
Contributors
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.
Additional References