Intrusion PreventionApache.Tomcat.Windows.Installer.Password.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in Apache Tomcat.
The vulnerability is due an error in the application which grants every user admin privileges when they are first created with a blank password. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application by sending a crafted request to a vulnerable server.
Affected Products
Tomcat 6.0.0 through 6.0.20
Tomcat 5.5.0 through 5.5.28
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
http://tomcat.apache.org/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-01-30 | 26.724 | Sig Added |
| 2020-05-20 | 15.847 | Default_action:pass:drop |
| ID | 31963 |
| Created | Jun 07, 2012 |
| Updated | Jan 30, 2024 |
| Risk |
|
| CVE ID | CVE-2010-4094 CVE-2009-3548 |
| Exploit Prediction Score | 17.08% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Apache |