This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The management console for the remote web server is protected using a
known set of credentials.
Nessus was able to gain access to the Manager web application for the
remote Tomcat server using a known set of credentials. A remote
attacker can exploit this issue to install a malicious application on
the affected server and run arbitrary code with Tomcat's privileges
(usually SYSTEM on Windows, or the unprivileged 'tomcat' account on
Worms are known to propagate this way.
Edit the associated 'tomcat-users.xml' file and change or remove the
affected set of credentials.
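
One way to review a 'tomcat-users.xml' file for the accounts this finding concerns, as an added example (not the plugin's code or Tomcat's). The weak-password list and the sample file are constructed assumptions, since the page does not list the credentials the plugin tries.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager application
# ("manager" up to Tomcat 6, "manager-*" from Tomcat 7).
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}
# Assumption: a short illustrative list of guessable passwords; the page does
# not name the credentials the plugin tries. Extend it from your own policy.
WEAK_PASSWORDS = {"", "tomcat", "admin", "manager", "password", "changeit"}


def local_name(tag):
    """Strip an XML namespace such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, reason) for each Manager account with a weak password."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "user":
            continue
        # Some older files use name= instead of username=.
        user = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & MANAGER_ROLES:
            continue  # this account cannot reach the Manager application
        if password.lower() == user.lower():
            findings.append((user, "password equals username"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((user, "password is on the weak list"))
    return findings


# Constructed sample input, not taken from any real server.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui"/>
  <user username="deploy" password="changeit" roles="manager-script"/>
  <user username="viewer" password="tomcat" roles="tomcat"/>
  <user username="ops" password="kV9-constructed-long-value" roles="manager-gui"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {reason}")
```

The comparison is on plaintext values only, so a realm that stores digested passwords will not be matched by this check.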
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 34970
Bugtraq ID: 36253, 36954, 37086, 38084, 44172
CVE ID: CVE-2009-3099, CVE-2009-3548, CVE-2010-0557, CVE-2010-4094