Lucene search

[email protected]CVE-2005-0432

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0432

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bea

weblogic server

vulnerability

authentication

brute force

nvd

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp

secunia.com/advisories/14298

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CVE-2005-0432

cvelist1