Vulnerability-Lookup

CVE-2009-3548 (GCVE-0-2009-3548)

Vulnerability from cvelistv5 – Published: 2009-11-12 23:00 – Updated: 2024-08-07 06:31

Summary

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/40330	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2010/1559	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/57126	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/support/vsphere4/doc/vsp_vc…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/36954	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2009/3185	vdb-entryx_refsource_VUPEN
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/507720/100…	mailing-listx_refsource_BUGTRAQ
	http://markmail.org/thread/wfu4nff5chvkb6xp	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/516397/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1023146	vdb-entryx_refsource_SECTRACK
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	https://lists.apache.org/thread.html/06cfb634bc7b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8dcaf7c3894d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/df497a37fbf9…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r584a714f141…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3aacc40356d…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02541",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
          },
          {
            "name": "HPSBMA02535",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "HPSBUX02860",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "40330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40330"
          },
          {
            "name": "SSRT100029",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "ADV-2010-1559",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1559"
          },
          {
            "name": "oval:org.mitre.oval:def:19414",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
          },
          {
            "name": "HPSBOV02762",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "tomcat-admin-default-password(54182)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "57126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7033",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
          },
          {
            "name": "36954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36954"
          },
          {
            "name": "SSRT100825",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "ADV-2009-3185",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
          },
          {
            "name": "SSRT101146",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "HPSBST02955",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "name": "1023146",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023146"
          },
          {
            "name": "SSRT100145",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20191124 [CONF] Apache Tomcat \u003e Security",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:55.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBUX02541",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
        },
        {
          "name": "HPSBMA02535",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
        },
        {
          "name": "HPSBUX02860",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "40330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40330"
        },
        {
          "name": "SSRT100029",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
        },
        {
          "name": "ADV-2010-1559",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1559"
        },
        {
          "name": "oval:org.mitre.oval:def:19414",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
        },
        {
          "name": "HPSBOV02762",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "tomcat-admin-default-password(54182)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "57126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7033",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
        },
        {
          "name": "36954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36954"
        },
        {
          "name": "SSRT100825",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "ADV-2009-3185",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
        },
        {
          "name": "SSRT101146",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "HPSBST02955",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
        },
        {
          "name": "1023146",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023146"
        },
        {
          "name": "SSRT100145",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20191124 [CONF] Apache Tomcat \u003e Security",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-3548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02541",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
            },
            {
              "name": "HPSBMA02535",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "40330",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40330"
            },
            {
              "name": "SSRT100029",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
            },
            {
              "name": "ADV-2010-1559",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1559"
            },
            {
              "name": "oval:org.mitre.oval:def:19414",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
            },
            {
              "name": "HPSBOV02762",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
            },
            {
              "name": "tomcat-admin-default-password(54182)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "57126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57126"
            },
            {
              "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7033",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
            },
            {
              "name": "36954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36954"
            },
            {
              "name": "SSRT100825",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
            },
            {
              "name": "ADV-2009-3185",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3185"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
            },
            {
              "name": "http://markmail.org/thread/wfu4nff5chvkb6xp",
              "refsource": "MISC",
              "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
            },
            {
              "name": "SSRT101146",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "HPSBST02955",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
            },
            {
              "name": "1023146",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023146"
            },
            {
              "name": "SSRT100145",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20191124 [CONF] Apache Tomcat \u003e Security",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3548",
    "datePublished": "2009-11-12T23:00:00.000Z",
    "dateReserved": "2009-10-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:31:10.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-041

Vulnerability from certfr_avis - Published: 2010-02-02 - Updated: 2010-02-03

De multiples vulnérabilités permettant de contourner la politique de sécurité ont été corrigées dans Apache Tomcat.

Description

De multiples vulnérabilités ont été corrigées dans Apache Tomcat. Plusieurs erreurs dans le module de déploiement permettent la modification des droits d'accès ou la suppression arbitraire de fichiers.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les correctifs pour la version 5.5.x ne sont pas encore disponibles sur le site de l'éditeur.

None

Impacted products

	Vendor	Product	Description
	Apache	Tomcat	Apache Tomcat 5, des versions 5.5.0 à 5.5.28 ;
	Apache	Tomcat	Apache Tomcat 6, des versions 6.0.0 à 6.0.20.

References

Title

Publication Time

Tags

Bulletin de sécurité Apache Tomcat 5	None	vendor-advisory
Bulletin de sécurité Apache Tomcat 6	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Tomcat 5, des versions 5.5.0 \u00e0 5.5.28 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat 6, des versions 6.0.0 \u00e0 6.0.20.",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apache Tomcat.\nPlusieurs erreurs dans le module de d\u00e9ploiement permettent la\nmodification des droits d\u0027acc\u00e8s ou la suppression arbitraire de\nfichiers.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les correctifs pour la version\n5.5.x ne sont pas encore disponibles sur le site de l\u0027\u00e9diteur.\n",
  "cves": [
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    }
  ],
  "initial_release_date": "2010-02-02T00:00:00",
  "last_revision_date": "2010-02-03T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-041",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-02T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cision de la section Solution du document.",
      "revision_date": "2010-02-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant de contourner la politique de\ns\u00e9curit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es dans Apache Tomcat.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat 5",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat 6",
      "url": "http://tomcat.apache.org/security-6.html"
    }
  ]
}

CERTA-2010-AVI-446

Vulnerability from certfr_avis - Published: 2010-09-20 - Updated: 2010-09-20

Plusieurs vulnérabilités dans IBM Websphere Application Server Community Edition permettent à une personne malintentionnée de porter atteinte à l'intégrité des données ou de contourner la politique de sécurité.

Description

De multiples vulnérabilités dans la version de Tomcat embarquée dans IBM Websphere Application Server Community Edition ont été découvertes :

des fichiers peuvent être arbitrairement effacés ou altérés ;
le mot de passe par défaut n'est pas suffisament sûr ;
une installation partielle vulnérable est mise en place après l'echec du processus d'installation.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM Websphere Application Server Community Edition versions antérieures à la 2.1.1.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés à IBM Websphere Application Server Community Edition	None	vendor-advisory
Liste des changements apportés à IBM Websphere Application Server Community Edition version 2.1.1.4 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM Websphere Application Server Community Edition versions  ant\u00e9rieures \u00e0 la 2.1.1.4.\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans la version de Tomcat embarqu\u00e9e dans IBM\nWebsphere Application Server Community Edition ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   des fichiers peuvent \u00eatre arbitrairement effac\u00e9s ou alt\u00e9r\u00e9s ;\n-   le mot de passe par d\u00e9faut n\u0027est pas suffisament s\u00fbr ;\n-   une installation partielle vuln\u00e9rable est mise en place apr\u00e8s\n    l\u0027echec du processus d\u0027installation.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    }
  ],
  "initial_release_date": "2010-09-20T00:00:00",
  "last_revision_date": "2010-09-20T00:00:00",
  "links": [
    {
      "title": "Liste des changements apport\u00e9s \u00e0 IBM Websphere Application    Server Community Edition version 2.1.1.4 :",
      "url": "http://publib.boulder.ibm.com/wasce/changes/2114/CHANGES.txt"
    }
  ],
  "reference": "CERTA-2010-AVI-446",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-09-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans IBM Websphere Application Server Community\nEdition permettent \u00e0 une personne malintentionn\u00e9e de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es ou de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere Application Server Community Edition",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 IBM Websphere Application Server Community Edition",
      "url": null
    }
  ]
}

CERTA-2010-AVI-284

Vulnerability from certfr_avis - Published: 2010-06-23 - Updated: 2010-06-23

De multiples vulnérabilités ont été corrigées dans Tomcat sous HP-UX.

Description

Plusieurs vulnérabilités permettant l'élévation de privilèges et de porter atteinte à l'intégrité des données affectent le moteur de servlets de Tomcat sous HP-UX.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	Tomcat	Tomcat Servlet Engine 5.5.27.03 et versions antérieures sous HP-UX B.11.23 ;
Apache	Tomcat	Tomcat Servlet Engine 5.5.27.03 et versions antérieures sous HP-UX B.11.11 ;
Apache	Tomcat	Tomcat Servlet Engine 5.5.27.03 et versions antérieures sous HP-UX B.11.31.

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX HPSBUX02541 SSRT100145 du 16 juin 2010	None	vendor-advisory
Bulletin de sécurité HP c02241113 du 16 juin 2010 : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectId=c02241113	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tomcat Servlet Engine 5.5.27.03 et versions ant\u00e9rieures sous HP-UX B.11.23 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Tomcat Servlet Engine 5.5.27.03 et versions ant\u00e9rieures sous HP-UX B.11.11 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Tomcat Servlet Engine 5.5.27.03 et versions ant\u00e9rieures sous HP-UX B.11.31.",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027\u00e9l\u00e9vation de privil\u00e8ges et de\nporter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es affectent le moteur de\nservlets de Tomcat sous HP-UX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    }
  ],
  "initial_release_date": "2010-06-23T00:00:00",
  "last_revision_date": "2010-06-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02241113 du 16 juin 2010 :      http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectId=c02241113",
      "url": "http://h2000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectId=c02241113"
    }
  ],
  "reference": "CERTA-2010-AVI-284",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Tomcat sous HP-UX.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tomcat sous HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02541 SSRT100145 du 16 juin 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-220

Vulnerability from certfr_avis - Published: 2010-05-20 - Updated: 2010-05-20

Plusieurs vulnérabilités découvertes dans HP Performance Manager permettent à un utilisateur distant malintentionné de provoquer un déni de service, de contourner la politique de sécurité, de porter atteinte à la confidentialité et à l'intégrité des données, d'élever ses privilèges ou encore de réaliser une attaque par injection de code indirecte.

Description

De nombreuses vulnérabilités ont été corrigées dans HP Performance Manager. Elles peuvent être exploitées par une personne malveillante afin de :

de provoquer un déni de service (CVE-2009-0033) ;
de contourner la politique de sécurité (CVE-2008-5515, CVE-2009-2901) ;
de porter atteinte à l'intégrité des données (CVE-2009-0783, CVE-2009-2693, CVE-2009-2902) ;
de porter atteinte à la confidentialité des données (CVE-2009-0580, CVE-2009-0783) ;
d'élever ses privilèges (CVE-2009-3548) ;
de réaliser une attaque par injection de code indirecte (CVE-2009-0781) ;

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP Performance Manager v8.10.
N/A	N/A	HP Performance Manager v8.20 ;
N/A	N/A	HP Performance Manager v8.21 ;

References

Title

Publication Time

Tags

Bulletin de scurit HP #c02181353 du 17 mai 2010	None	vendor-advisory
Bulletin de sécurité HP #c02181353 du 17 mai 2010 :	-	other
Bulletin de sécurité HP #c02181353 du 17 mai 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP Performance Manager v8.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Performance Manager v8.20 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Performance Manager v8.21 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Performance\nManager. Elles peuvent \u00eatre exploit\u00e9es par une personne malveillante\nafin de :\n\n-   de provoquer un d\u00e9ni de service (CVE-2009-0033) ;\n-   de contourner la politique de s\u00e9curit\u00e9 (CVE-2008-5515,\n    CVE-2009-2901) ;\n-   de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es (CVE-2009-0783,\n    CVE-2009-2693, CVE-2009-2902) ;\n-   de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es (CVE-2009-0580,\n    CVE-2009-0783) ;\n-   d\u0027\u00e9lever ses privil\u00e8ges (CVE-2009-3548) ;\n-   de r\u00e9aliser une attaque par injection de code indirecte\n    (CVE-2009-0781) ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    }
  ],
  "initial_release_date": "2010-05-20T00:00:00",
  "last_revision_date": "2010-05-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02181353"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02181353"
    }
  ],
  "reference": "CERTA-2010-AVI-220",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans HP Performance Manager\npermettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni\nde service, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, d\u0027\u00e9lever ses privil\u00e8ges\nou encore de r\u00e9aliser une attaque par injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Performance Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de scurit HP #c02181353 du 17 mai 2010",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-089

Vulnerability from certfr_avis - Published: 2014-02-25 - Updated: 2014-02-25

De multiples vulnérabilités ont été corrigées dans HP XP P9000 Performance Advisor Software. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP XP P9000 Performance Advisor Software versions 5.4.1 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c04047415 du 25 février 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHP XP P9000 Performance Advisor Software versions 5.4.1 et  ant\u00e9rieures\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-5062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5062"
    },
    {
      "name": "CVE-2011-2729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
    },
    {
      "name": "CVE-2010-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2011-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2013-0366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0366"
    },
    {
      "name": "CVE-2013-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0381"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2011-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5063"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2013-0354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0354"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2011-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
    },
    {
      "name": "CVE-2013-0372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0372"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2013-0363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0363"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2013-0364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0364"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2012-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3219"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2013-0352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0352"
    },
    {
      "name": "CVE-2013-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0397"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2013-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0361"
    },
    {
      "name": "CVE-2011-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5064"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2012-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3190"
    },
    {
      "name": "CVE-2011-2481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2481"
    },
    {
      "name": "CVE-2011-5035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
    },
    {
      "name": "CVE-2011-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
    },
    {
      "name": "CVE-2010-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    }
  ],
  "initial_release_date": "2014-02-25T00:00:00",
  "last_revision_date": "2014-02-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-089",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP XP P9000 Performance Advisor Software\u003c/span\u003e.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP XP P9000 Performance Advisor Software",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c04047415 du 25 f\u00e9vrier 2014",
      "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04047415-1"
    }
  ]
}

CERTA-2012-AVI-219

Vulnerability from certfr_avis - Published: 2012-04-18 - Updated: 2012-04-18

De multiples vulnérabilités ont étés corrigées dans HP OpenVMS. Ces vulnérabilités affectent plusieurs éléments du produit. Elles permettent de contourner des politiques de sécurité, de s'élever des privilèges, d'effectuer des modifications non autorisées, de causer des dénis de service et d'accéder à des informations non permises.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Centreon	Web	HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et antérieures ;
Centreon	N/A	HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64.
Centreon	N/A	HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03281867 du 16 avril 2012	None	vendor-advisory
Bulletin de sécurité HP c03281831 du 16 avril 2012	None	vendor-advisory
Bulletin de sécurité HP c03281869 du 16 avril 2012	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et ant\u00e9rieures ;",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
    },
    {
      "name": "CVE-2010-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
    },
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2010-4697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4697"
    },
    {
      "name": "CVE-2010-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
    },
    {
      "name": "CVE-2011-2729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2010-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
    },
    {
      "name": "CVE-2010-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2100"
    },
    {
      "name": "CVE-2010-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2010-2531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2012-0134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0134"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2011-0752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0752"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2011-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
    },
    {
      "name": "CVE-2010-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1864"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2011-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2011-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    },
    {
      "name": "CVE-2010-2191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2191"
    },
    {
      "name": "CVE-2010-2101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2101"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2006-7243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2010-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4698"
    },
    {
      "name": "CVE-2010-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2225"
    },
    {
      "name": "CVE-2010-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2097"
    },
    {
      "name": "CVE-2011-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1860"
    },
    {
      "name": "CVE-2010-2190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2190"
    },
    {
      "name": "CVE-2011-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
    },
    {
      "name": "CVE-2010-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
    },
    {
      "name": "CVE-2010-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
    },
    {
      "name": "CVE-2011-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
    },
    {
      "name": "CVE-2010-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1862"
    }
  ],
  "initial_release_date": "2012-04-18T00:00:00",
  "last_revision_date": "2012-04-18T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-219",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9s corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP OpenVMS\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s affectent plusieurs\n\u00e9l\u00e9ments du produit. Elles permettent de contourner des politiques de\ns\u00e9curit\u00e9, de s\u0027\u00e9lever des privil\u00e8ges, d\u0027effectuer des modifications non\nautoris\u00e9es, de causer des d\u00e9nis de service et d\u0027acc\u00e9der \u00e0 des\ninformations non permises.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenVMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03281867 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281867"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03281831 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281831"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03281869 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281869"
    }
  ]
}

GHSA-975H-H4PP-737Q

Vulnerability from github – Published: 2022-05-02 03:46 – Updated: 2025-04-09 04:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3548"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-12T23:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.",
  "id": "GHSA-975h-h4pp-737q",
  "modified": "2025-04-09T04:16:22Z",
  "published": "2022-05-02T03:46:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3548"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40330"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36954"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023146"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3185"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1559"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-3548

Vulnerability from fkie_nvd - Published: 2009-11-12 23:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127420533226623&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=133469267822771&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=136485229118404&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=139344343412337&w=2
secalert@redhat.com	http://markmail.org/thread/wfu4nff5chvkb6xp
secalert@redhat.com	http://secunia.com/advisories/40330
secalert@redhat.com	http://secunia.com/advisories/57126
secalert@redhat.com	http://tomcat.apache.org/security-5.html	Patch, Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-6.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/507720/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/36954
secalert@redhat.com	http://www.securitytracker.com/id?1023146
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.com	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3185	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1559
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
secalert@redhat.com	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127420533226623&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133469267822771&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136485229118404&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=139344343412337&w=2
af854a3a-2127-422b-91ae-364da2661108	http://markmail.org/thread/wfu4nff5chvkb6xp
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40330
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57126
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507720/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36954
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023146
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3185	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1559
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54182
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033

Impacted products

Vendor	Product	Version
apache	tomcat	3.0
apache	tomcat	3.1
apache	tomcat	3.1.1
apache	tomcat	3.2
apache	tomcat	3.2.1
apache	tomcat	3.2.2
apache	tomcat	3.2.2
apache	tomcat	3.2.3
apache	tomcat	3.2.4
apache	tomcat	3.3
apache	tomcat	3.3.1
apache	tomcat	3.3.1a
apache	tomcat	3.3.2
apache	tomcat	4.0.0
apache	tomcat	4.0.1
apache	tomcat	4.0.2
apache	tomcat	4.0.3
apache	tomcat	4.0.4
apache	tomcat	4.0.5
apache	tomcat	4.0.6
apache	tomcat	4.1.0
apache	tomcat	4.1.1
apache	tomcat	4.1.2
apache	tomcat	4.1.3
apache	tomcat	4.1.3
apache	tomcat	4.1.4
apache	tomcat	4.1.5
apache	tomcat	4.1.6
apache	tomcat	4.1.7
apache	tomcat	4.1.8
apache	tomcat	4.1.9
apache	tomcat	4.1.9
apache	tomcat	4.1.10
apache	tomcat	4.1.11
apache	tomcat	4.1.12
apache	tomcat	4.1.13
apache	tomcat	4.1.14
apache	tomcat	4.1.15
apache	tomcat	4.1.16
apache	tomcat	4.1.17
apache	tomcat	4.1.18
apache	tomcat	4.1.19
apache	tomcat	4.1.20
apache	tomcat	4.1.21
apache	tomcat	4.1.22
apache	tomcat	4.1.23
apache	tomcat	4.1.24
apache	tomcat	4.1.25
apache	tomcat	4.1.26
apache	tomcat	4.1.27
apache	tomcat	4.1.28
apache	tomcat	4.1.29
apache	tomcat	4.1.30
apache	tomcat	4.1.31
apache	tomcat	4.1.32
apache	tomcat	4.1.33
apache	tomcat	4.1.34
apache	tomcat	4.1.35
apache	tomcat	4.1.36
apache	tomcat	4.1.37
apache	tomcat	4.1.38
apache	tomcat	4.1.39
apache	tomcat	5.0.0
apache	tomcat	5.0.1
apache	tomcat	5.0.2
apache	tomcat	5.0.3
apache	tomcat	5.0.4
apache	tomcat	5.0.5
apache	tomcat	5.0.6
apache	tomcat	5.0.7
apache	tomcat	5.0.8
apache	tomcat	5.0.9
apache	tomcat	5.0.10
apache	tomcat	5.0.11
apache	tomcat	5.0.12
apache	tomcat	5.0.13
apache	tomcat	5.0.14
apache	tomcat	5.0.15
apache	tomcat	5.0.16
apache	tomcat	5.0.17
apache	tomcat	5.0.18
apache	tomcat	5.0.19
apache	tomcat	5.0.21
apache	tomcat	5.0.22
apache	tomcat	5.0.23
apache	tomcat	5.0.24
apache	tomcat	5.0.25
apache	tomcat	5.0.26
apache	tomcat	5.0.27
apache	tomcat	5.0.28
apache	tomcat	5.0.29
apache	tomcat	5.0.30
apache	tomcat	5.5.0
apache	tomcat	5.5.1
apache	tomcat	5.5.2
apache	tomcat	5.5.3
apache	tomcat	5.5.4
apache	tomcat	5.5.5
apache	tomcat	5.5.6
apache	tomcat	5.5.7
apache	tomcat	5.5.8
apache	tomcat	5.5.9
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20
apache	tomcat	5.5.21
apache	tomcat	5.5.22
apache	tomcat	5.5.23
apache	tomcat	5.5.24
apache	tomcat	5.5.25
apache	tomcat	5.5.26
apache	tomcat	5.5.27
apache	tomcat	5.5.28
apache	tomcat	6.0
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.8
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.11
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18
apache	tomcat	6.0.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAFF8D91-80A2-454A-8B44-A5A889002692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC42876-65AD-476A-8B62-25D4E15D1BB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "724A8FF9-8089-4302-8200-08987A712988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F97DDB7-E32B-422F-8AEA-07C75DEAD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7079F63C-7CA8-4909-A9C8-45C4C1C1C186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C13A162-9F3A-41EB-BF4A-A54AD26F7F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "4BE08AEE-4801-4FAF-97AD-BBD5C5849E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC829C8E-1061-4F62-BA4B-FE5C7F11F209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "143BA75E-A186-47EF-A18C-B1A1A1F61C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CDF9E1-9412-450E-B1D4-438F128FFF9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32561F50-6385-4D71-AFAC-3D2F8DB55A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D51D88E7-6F5C-42B0-BAD6-7DCD9A357B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C091BCC4-4B19-4304-A807-FE3BB3BCC8CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2341C51-A239-4A4A-B0DC-30F18175442C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B7E52BE7-5281-4430-8846-E41CF34FC214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02860646-1D72-4D9A-AE2A-5868C8EDB3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE4B9B5-9C2E-47E1-9483-88A17264594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE92A9B-4B8C-468E-9162-A56ED5313E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE21D455-5B38-4B07-8E25-4EE782501EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*",
              "matchCriteriaId": "CBDA8066-294D-431E-B026-C03707DFBCD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF54C08-5FF1-4D02-AA16-B13096BD566C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F3B31D-8974-4016-ACAF-E7A917C99F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D9B12F-F36A-424E-99BB-E00EF0FCA277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8FEEF0-8E57-43B1-8316-228B76E458D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3B2802B-E56C-462A-9601-361A9166B5F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "190FB4FD-22A5-4771-8F99-1E260A36A474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BD3785E-3A09-4BE4-96C7-619B8A7D5062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "285F7969-09F6-48CC-89CE-928225A53CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B387EF0-94AD-4C8E-8CD4-4F5F706481BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA486065-18D5-4425-ADA5-284101919564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0141E20-2E3D-4CD0-A757-D7CA98499CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E62493D-FEAE-49E8-A293-CE18451D0264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA01AB58-CAB2-420A-9899-EAB153DD898A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D731AFDD-9C33-4DC8-9BC6-06BB51048752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "01706205-1369-4E5D-8936-723DA980CA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A1451D2-B905-4AD7-9BD7-10CF2A12BA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C505696B-10E4-4B99-A598-40FA0DA39F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB2F3D8-25A1-408E-80D0-59D52A901284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3904E9A-585A-4005-B2E9-13538535383D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1934BF-83E3-4B0B-A1DF-391A5332CE39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F06B9809-5BFA-4DB9-8753-1D8319713879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6631B0-9F2E-4C5F-AB21-F085A8C1559B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "15625451-E56D-405F-BE9B-B3CB1A35E929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "97ADBDC4-B669-467D-9A07-9A2DD8B68374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA876C8-4417-4C35-9FEC-278D45CE6E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C08A88-9377-4B32-8173-EE2D121B06D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7225A43-8EAE-4DA6-BBDC-4418D5444767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46C0933-3B19-40EA-8DED-2BF25AB85C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1195878-CCC9-49BC-9AC7-1F88F0DFAB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges."
    },
    {
      "lang": "es",
      "value": "El instalador de Windows para Apache Tomcat 6.0.0 a 6.0.20, 5.5.0 a 5.5.28, y posiblemente versiones anteriores, usa una contrase\u00f1a en blanco por defecto para el usuario administrador, lo que permite a atacantes remotos obtener privilegios."
    }
  ],
  "id": "CVE-2009-3548",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-12T23:30:00.843",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40330"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/36954"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1023146"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3185"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1559"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-3548

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3548

Aliases

CVE-2009-3548

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3548",
    "description": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.",
    "id": "GSD-2009-3548",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-3548"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3548"
      ],
      "details": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.",
      "id": "GSD-2009-3548",
      "modified": "2023-12-13T01:19:49.299953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-3548",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBUX02541",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
          },
          {
            "name": "HPSBMA02535",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "HPSBUX02860",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "40330",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40330"
          },
          {
            "name": "SSRT100029",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "ADV-2010-1559",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1559"
          },
          {
            "name": "oval:org.mitre.oval:def:19414",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
          },
          {
            "name": "HPSBOV02762",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "tomcat-admin-default-password(54182)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "57126",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7033",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
          },
          {
            "name": "36954",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36954"
          },
          {
            "name": "SSRT100825",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "ADV-2009-3185",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3185"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
          },
          {
            "name": "http://markmail.org/thread/wfu4nff5chvkb6xp",
            "refsource": "MISC",
            "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
          },
          {
            "name": "SSRT101146",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "HPSBST02955",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "name": "1023146",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023146"
          },
          {
            "name": "SSRT100145",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20191124 [CONF] Apache Tomcat \u003e Security",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-3548"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36954",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36954"
            },
            {
              "name": "1023146",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023146"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "ADV-2009-3185",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3185"
            },
            {
              "name": "http://markmail.org/thread/wfu4nff5chvkb6xp",
              "refsource": "MISC",
              "tags": [],
              "url": "http://markmail.org/thread/wfu4nff5chvkb6xp"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "40330",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/40330"
            },
            {
              "name": "ADV-2010-1559",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/1559"
            },
            {
              "name": "HPSBUX02541",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "HPSBST02955",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
            },
            {
              "name": "57126",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57126"
            },
            {
              "name": "HPSBOV02762",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
            },
            {
              "name": "HPSBMA02535",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
            },
            {
              "name": "tomcat-admin-default-password(54182)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54182"
            },
            {
              "name": "oval:org.mitre.oval:def:7033",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7033"
            },
            {
              "name": "oval:org.mitre.oval:def:19414",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19414"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "20091109 [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507720/100/0/threaded"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20191124 [CONF] Apache Tomcat \u003e Security",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/df497a37fbf98e38d4c83e44829745fe9851b5fde928409c950f80e6@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-25T11:31Z",
      "publishedDate": "2009-11-12T23:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3548 (GCVE-0-2009-3548)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Solution

Tags

Sightings

Nomenclature