Vulnerabilities > CVE-2007-2697 - Denial-Of-Service vulnerability in Weblogic Server

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

bea

NVD

Published: 2007-05-16

Updated: 2017-07-29

Summary

The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 8.1 BEA Weblogic Server 9.0 BEA Weblogic Server 9.1	33

References

http://dev2dev.bea.com/pub/advisory/229
http://osvdb.org/36072
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34291