BEA WebLogic Server and Express 7.0 up to and including 10.0 allows remote malicious users to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |
||
bea weblogic server 9.2 |
||
bea weblogic server 10.0 |
||
bea weblogic server 9.0 |
||
bea weblogic server 9.1 |
||
bea systems weblogic server 10.0_mp1 |