Info

Last Modified

about 1 year ago

Percent Complete

Disclosure

May 14, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 0% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

BEA07-161.00

Description

(Description Provided by CVE) : The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.

Classification

Unknown or Incomplete

Products

Unknown or Incomplete

References

Security Tracker: 1018057
CVE ID: 2007-2697 (see also: NVD)
Secunia Advisory ID: 25284
ISS X-Force ID: 34291
Related OSVDB ID: 36063 36064 36065 36066 36067 36068 36069 36071 36073 36074 36075
FrSIRT Advisory: ADV-2007-1815
Keyword: BEA07-161.00
Vendor Specific Advisory URL: http://dev2dev.bea.com/pub/advisory/229

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches