Lucene search
HistoryFeb 22, 2008 - 9:44 p.m.
CVE-2008-0901
cve-2008-0901
security
remote attack
bea weblogic server
password guessing
nvd
6.9 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Affected configurations
Node
beaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp5
ORbeaweblogic_serverMatch7.0sp6
ORbeaweblogic_serverMatch7.0sp7
ORbeaweblogic_serverMatch8.1
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp3
ORbeaweblogic_serverMatch8.1sp4
ORbeaweblogic_serverMatch8.1sp5
ORbeaweblogic_serverMatch8.1sp6
ORbeaweblogic_serverMatch9.0
ORbeaweblogic_serverMatch9.1
ORbeaweblogic_serverMatch9.2
ORbeaweblogic_serverMatch9.2mp1
ORbeaweblogic_serverMatch9.2mp2
ORbeaweblogic_serverMatch10.0
ORbea_systemsweblogic_serverMatch10.0_mp1
Related
prion
prion
Default credentials
2008-02-22 21:44:00
nvd
nvd
CVE-2008-0901
2008-02-22 21:44:00
cvelist
cvelist
CVE-2008-0901
2008-02-22 21:00:00
6.9 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%
Related for CVE-2008-0901