CVE-2008-0901
Published Feb 22, 2008
Last updated 6 years ago
Overview
- Description
- BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 6.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "321BC193-5FBF-4F25-996D-1FE74779F34D"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E23EB6FE-EA07-426F-9781-87630BC76FB3"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F"
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_server:10.0_mp1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D4B4A86-A381-4DB1-AA9D-57DBEC2466CF"
}
],
"operator": "OR"
}
]
}
]