The Apache Tomcat Windows installer insecurely leaves the default install with a blank administrator password. Versions 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82655/CVE-2009-3548.txt
Source: https://packetstormsecurity.com/files/82655/Apache-Tomcat-On-Windows-Blank-Password.html