Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2008-0901
Last Modified 07 Mar 2011 10:05:38
Published 22 Feb 2008 04:44:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0901

Summary

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

Vulnerable Systems

Application

  • BEA Systems WebLogic Server 10.0 MP1
  • BEA WebLogic Server 10.0
  • BEA WebLogic Server 7.0
  • BEA WebLogic Server 8.1
  • BEA WebLogic Server 9.0
  • BEA WebLogic Server 9.1
  • BEA WebLogic Server 9.2


References

BEA - BEA08-197.00

VUPEN - ADV-2008-0612

SECTRACK - 1019449

BUGTRAQ - 20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server

MISC - http://www.s21sec.com/avisos/s21sec-040-en.txt

SECUNIA - 29041


Last Updated: 27 May 2016 10:46:58