Lucene search

MitreCVE-2008-0901

HistoryFeb 22, 2008 - 9:44 p.m.

CVE-2008-0901

2008-02-2221:44:00

CWE-200

CWE-255

mitre

web.nvd.nist.gov

cve-2008-0901

security

remote attack

bea weblogic server

password guessing

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

Affected configurations

Nvd

Node

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch7.0sp6

beaweblogic_serverMatch7.0sp7

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp5

beaweblogic_serverMatch8.1sp6

beaweblogic_serverMatch9.0

beaweblogic_serverMatch9.1

beaweblogic_serverMatch9.2

beaweblogic_serverMatch9.2mp1

beaweblogic_serverMatch9.2mp2

beaweblogic_serverMatch10.0

bea_systemsweblogic_serverMatch10.0_mp1

VendorProductVersionCPE
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
beaweblogic_server7.0cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp5::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp6::::::
bea	weblogic_server	7.0	cpe:2.3:a:bea:weblogic_server:7.0:sp7::::::
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:::::::*
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::

Rows per page:

1-10 of 221

References

dev2dev.bea.com/pub/advisory/271

secunia.com/advisories/29041

www.s21sec.com/avisos/s21sec-040-en.txt

www.securityfocus.com/archive/1/488686/100/0/threaded

www.securitytracker.com/id?1019449

www.vupen.com/english/advisories/2008/0612/references

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Related for CVE-2008-0901