CVE-2008-0901

Sažetak

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

Reference

http://dev2dev.bea.com/pub/advisory/271
http://secunia.com/advisories/29041
http://www.s21sec.com/avisos/s21sec-040-en.txt
http://www.securityfocus.com/archive/1/488686/100/0/threaded
http://www.securitytracker.com/id?1019449
http://www.vupen.com/english/advisories/2008/0612/references

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

15-10-2018 - 22:03

Objavljeno

22-02-2008 - 21:44