Vulnerability Details : CVE-2010-4094
Public exploit exists!
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-4094
Probability of exploitation activity in the next 30 days: 1.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-4094
-
Apache Tomcat Manager Application Deployer Authenticated Code Execution
Disclosure Date: 2009-11-09First seen: 2020-04-26exploit/multi/http/tomcat_mgr_deployThis module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/h -
Tomcat Application Manager Login Utility
First seen: 2020-04-26auxiliary/scanner/http/tomcat_mgr_loginThis module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com> -
Apache Tomcat Manager Authenticated Upload Code Execution
Disclosure Date: 2009-11-09First seen: 2020-04-26exploit/multi/http/tomcat_mgr_uploadThis module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The
CVSS scores for CVE-2010-4094
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-4094
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4094
-
http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/UpdateLog.txt
-
http://www.zerodayinitiative.com/advisories/ZDI-10-214/
ZDI-10-214 | Zero Day Initiative
-
http://www.vupen.com/english/advisories/2010/2732
Webmail | OVH- OVHVendor Advisory
-
http://securitytracker.com/id?1024601
IBM Rational Quality Manager Default Administrative Account Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/44172
IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Vulnerability
Products affected by CVE-2010-4094
- cpe:2.3:a:ibm:rational_test_lab_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*