ID CVE-2010-4094
Summary The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:rational_test_lab_manager
    cpe:2.3:a:ibm:rational_test_lab_manager
  • cpe:2.3:a:ibm:rational_quality_manager
    cpe:2.3:a:ibm:rational_quality_manager
CVSS
Base: 5.0 (as of 27-10-2010 - 09:56)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
exploit-db via4
description Apache Tomcat Manager Application Deployer Authenticated Code Execution. CVE-2009-3548,CVE-2009-3843,CVE-2009-4188,CVE-2009-4189,CVE-2010-0557,CVE-2010-4094....
id EDB-ID:16317
last seen 2016-02-01
modified 2010-12-14
published 2010-12-14
reporter metasploit
source https://www.exploit-db.com/download/16317/
title Apache Tomcat Manager Application Deployer Authenticated Code Execution
metasploit via4
  • description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.
    id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_DEPLOY
    last seen 2019-02-23
    modified 2018-08-20
    published 2013-01-07
    reliability Excellent
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_deploy.rb
    title Apache Tomcat Manager Application Deployer Authenticated Code Execution
  • description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.
    id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_UPLOAD
    last seen 2019-03-28
    modified 2018-08-20
    published 2014-01-27
    reliability Excellent
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_upload.rb
    title Apache Tomcat Manager Authenticated Upload Code Execution
  • description This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass.
    id MSF:AUXILIARY/SCANNER/HTTP/TOMCAT_MGR_LOGIN
    last seen 2019-01-01
    modified 2018-02-13
    published 2013-02-20
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/tomcat_mgr_login.rb
    title Tomcat Application Manager Login Utility
nessus via4
NASL family Web Servers
NASL id TOMCAT_MANAGER_COMMON_CREDS.NASL
description Nessus was able to gain access to the Manager web application for the remote Tomcat server using a known set of credentials. A remote attacker can exploit this issue to install a malicious application on the affected server and run arbitrary code with Tomcat's privileges (usually SYSTEM on Windows, or the unprivileged 'tomcat' account on Unix). Note that worms are known to propagate this way.
last seen 2019-02-21
modified 2018-11-15
plugin id 34970
published 2008-11-26
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=34970
title Apache Tomcat Manager Common Administrative Credentials
packetstorm via4
data source https://packetstormsecurity.com/files/download/125021/tomcat_mgr_upload.rb.txt
id PACKETSTORM:125021
last seen 2016-12-05
published 2014-02-01
reporter rangercha
source https://packetstormsecurity.com/files/125021/Apache-Tomcat-Manager-Code-Execution.html
title Apache Tomcat Manager Code Execution
refmap via4
bid 44172
misc
osvdb 69008
sectrack 1024601
secunia 41784
vupen ADV-2010-2732
saint via4
bid 44172
description IBM Rational Quality Manager and Test Lab Manager Policy Bypass
title ibm_rational_quality_manager_default_credentials
type remote
Last major update 11-01-2011 - 01:45
Published 26-10-2010 - 14:00
Back to Top