Apache Tomcat Windows Installer Insecure Password Vulnerability
Apache Tomcat is prone to an insecure-password vulnerability.
Attackers may exploit this issue to obtain administrative access to the application. Other attacks may also be possible.
The following are vulnerable:
Tomcat 6.0.0 through 6.0.20
Tomcat 5.5.0 through 5.5.28
Unsupported versions in the 3.x, 4.x, 4.1.x, and 5.0.x branches may also be affected.