Vulnerabilities > CVE-2005-4767 - Multiple vulnerability in BEA Weblogic Server 7.0/8.1

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

bea

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	39

References

http://dev2dev.bea.com/pub/advisory/161
http://dev2dev.bea.com/pub/advisory/178
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052
http://www.securityfocus.com/bid/17168