Apache Tomcat Credentials Management Errors Vulnerability - CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20 5.5.0 through 5.5.28 and possibly earlier versions uses a blank default password for the administrative user which allows remote attackers to gain privileges.