Description
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, do not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
References (5)
Core References
Patch (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/15052
Patch, Vendor Advisory (vendor-advisory, x_refsource_bea): http://dev2dev.bea.com/pub/advisory/161
Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/17138
Patch, Vendor Advisory (vendor-advisory, x_refsource_bea): http://dev2dev.bea.com/pub/advisory/178
Patch (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/17168
Scores
EPSS: 0.0132
EPSS Percentile: 80.1%
Details
Status: published
Products (2)
bea/weblogic_server 7.0 (21 CPE variants)
bea/weblogic_server 8.1 (18 CPE variants)
Published: Dec 31, 2005
Tracked Since: Feb 18, 2026