CVE-2008-0901
Summary
| CVE | CVE-2008-0901 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-02-22 21:44:00 UTC |
| Updated | 2018-10-15 22:03:00 UTC |
| Description | BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. |
Risk And Classification
Problem Types: CWE-255 | CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp1 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp2 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp3 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp4 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp5 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp6 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | All | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp1 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp1 | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp2 | All | All |
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp1 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp2 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp3 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp4 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp5 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp6 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | All | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp1 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp1 | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp2 | All | All |
| Application | Bea Systems | Weblogic Server | 10.0_mp1 | All | All | All |
| Application | Bea Systems | Weblogic Server | 10.0_mp1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Page not found – S21Sec | MISC | www.s21sec.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Oracle Fusion Middleware Technologies | BEA | dev2dev.bea.com | Patch |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| WebLogic Lets Remote Users Bypass the Account Lockout Feature - SecurityTracker | SECTRACK | www.securitytracker.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.