CVE-2005-0432

BEA WebLogic Server <8.1 SP3 - Info Disclosure

Title source: llm

Description

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.

References (2)

Core 2

Core References

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14298

Patch, Vendor Advisory x_refsource_confirm

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp

Scores

EPSS 0.0026

EPSS Percentile 49.5%

Details

Status published

Products (2)

bea/weblogic_server 7.0 sp5

bea/weblogic_server 8.1 sp3

Published May 02, 2005

Tracked Since Feb 18, 2026