CVE-2005-4767

2006-04-0102:00:00

mitre

www.cve.org

bea weblogic server

express

authentication

vulnerability

remote attackers

password guessing

AI Score

6.7

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.

References

dev2dev.bea.com/pub/advisory/161

dev2dev.bea.com/pub/advisory/178

secunia.com/advisories/17138

www.securityfocus.com/bid/15052

www.securityfocus.com/bid/17168