Lucene search

PRIOn knowledge basePRION:CVE-2007-2697

HistoryMay 16, 2007 - 1:19 a.m.

Authentication flaw

2007-05-1601:19:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.4%

JSON

The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.

CPENameOperatorVersion
weblogic_servereq8.1 express
weblogic_servereq7.0 sp2-express
weblogic_servereq8.1
weblogic_servereq9.0
weblogic_servereq7.0 sp4
weblogic_servereq7.0
weblogic_servereq8.1 sp5-express
weblogic_servereq7.0 sp6
weblogic_servereq7.0 sp3
weblogic_servereq8.1 sp5

Name	Operator	Version
weblogic_server	eq	8.1 express
weblogic_server	eq	7.0 sp2-express
weblogic_server	eq	8.1
weblogic_server	eq	9.0
weblogic_server	eq	7.0 sp4
weblogic_server	eq	7.0
weblogic_server	eq	8.1 sp5-express
weblogic_server	eq	7.0 sp6
weblogic_server	eq	7.0 sp3
weblogic_server	eq	8.1 sp5

Rows per page:

1-10 of 331

References

dev2dev.bea.com/pub/advisory/229

osvdb.org/36072

secunia.com/advisories/25284

securitytracker.com/id?1018057

www.vupen.com/english/advisories/2007/1815

exchange.xforce.ibmcloud.com/vulnerabilities/34291

7.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.4%

JSON

Related for PRION:CVE-2007-2697

cve1