The host is installed with Apache Tomcat 6.0.0 through 6.0.20 or 5.5.0 through 5.5.28 and is prone to insecure default administrative password vulnerability. A flaw is present in the application, where the Windows installer creates a blank password by default for the administrative user. Successful exploitation allows remote attackers to gain privileges.