CVE-2008-0901

2008-02-2221:00:00

mitre

www.cve.org

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

References

dev2dev.bea.com/pub/advisory/271

secunia.com/advisories/29041

www.s21sec.com/avisos/s21sec-040-en.txt

www.securityfocus.com/archive/1/488686/100/0/threaded

www.securitytracker.com/id?1019449

www.vupen.com/english/advisories/2008/0612/references