Apache.Tomcat.Windows.Installer.Password.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in Apache Tomcat.
The vulnerability is due to an error in the application that grants admin privileges to every user who is first created with a blank password. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application by sending a crafted request to a vulnerable server.
Affected Products
Tomcat 6.0.0 through 6.0.20
Tomcat 5.5.0 through 5.5.28
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
http://tomcat.apache.org/
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2024-01-30 | 26.724 | Sig Added |
2020-05-20 | 15.847 | Default_action:pass:drop |