PT-2010-5289 · Apache+1 · Apache Tomcat+2

Abdulaziz Hariri

Published

2010-10-26

Updated

2011-01-11

CVE-2010-4094

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Rational Quality Manager and Rational Test Lab Manager (affected versions not specified)

Description The issue concerns a default password for the ADMIN account in the Tomcat server, which can be exploited by remote attackers to execute arbitrary code. This can be achieved by leveraging access to the manager role.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2010-4094

Affected Products

Ibm Rational Quality Manager

Rational Test Lab Manager

Apache Tomcat

PT-2010-5289 · Apache+1 · Apache Tomcat+2

CVE-2010-4094

Weakness Enumeration

Related Identifiers

Affected Products

References · 12