Description
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
References (3)
Core 3
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/155
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15052
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17138
Scores
EPSS
0.0034
EPSS Percentile
56.9%
Details
Status
published
Products (2)
bea/weblogic_server
6.1 (26 CPE variants)
bea/weblogic_server
7.0 (24 CPE variants)
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026