Lucene search

[email protected]CVE-2007-2697

HistoryMay 16, 2007 - 1:19 a.m.

CVE-2007-2697

2007-05-1601:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2697

security

ldap

weblogic server

denial of service

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq9.0
bea:weblogic_serverbea weblogic servereq9.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	9.0
bea:weblogic_server	bea weblogic server	eq	9.1

References

dev2dev.bea.com/pub/advisory/229

osvdb.org/36072

secunia.com/advisories/25284

securitytracker.com/id?1018057

www.vupen.com/english/advisories/2007/1815

exchange.xforce.ibmcloud.com/vulnerabilities/34291

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2007-2697

prion1