fkie_nvd - fkie_cve-2008-0901

fkie_cve-2008-0901

Vulnerability from fkie_nvd

Published

2008-02-22 21:44

Modified

2024-11-21 00:43

Severity ?

Summary

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

References

URL	Tags
cve@mitre.org	http://dev2dev.bea.com/pub/advisory/271	Patch
cve@mitre.org	http://secunia.com/advisories/29041
cve@mitre.org	http://www.s21sec.com/avisos/s21sec-040-en.txt
cve@mitre.org	http://www.securityfocus.com/archive/1/488686/100/0/threaded
cve@mitre.org	http://www.securitytracker.com/id?1019449
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0612/references
af854a3a-2127-422b-91ae-364da2661108	http://dev2dev.bea.com/pub/advisory/271	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29041
af854a3a-2127-422b-91ae-364da2661108	http://www.s21sec.com/avisos/s21sec-040-en.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488686/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019449
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0612/references

Impacted products

Vendor	Product	Version
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	9.0
bea	weblogic_server	9.1
bea	weblogic_server	9.2
bea	weblogic_server	9.2
bea	weblogic_server	9.2
bea	weblogic_server	10.0
bea_systems	weblogic_server	10.0_mp1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*",
              "matchCriteriaId": "321BC193-5FBF-4F25-996D-1FE74779F34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*",
              "matchCriteriaId": "E23EB6FE-EA07-426F-9781-87630BC76FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea_systems:weblogic_server:10.0_mp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4B4A86-A381-4DB1-AA9D-57DBEC2466CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
    },
    {
      "lang": "es",
      "value": "BEA WebLogic Server y Express de 7.0 a 10.0 permite a atacantes remotos llevar a cabo ataques para adivinar contrase\u00f1as mediante fuerza bruta, incluso cuando se ha activado el cierre de cuenta, a trav\u00e9s de URLs manipulados que indican si la contrase\u00f1a supuesta es buena o no."
    }
  ],
  "id": "CVE-2008-0901",
  "lastModified": "2024-11-21T00:43:11.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-22T21:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/271"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29041"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0612/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0612/references"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-0901

Vulnerability from cvelistv5

Published

2008-02-22 21:00

Modified

2024-08-07 08:01