CVE-2006-0419

BEA WebLogic Server and WebLogic Express 7.0-9.0 - Unauthenticated Denial of Service via Embedded LDAP Server

Title source: llm

Description

BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allow anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.

References (2)

Core References
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015528
Exploit, Vendor Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/163

Scores

EPSS 0.0059
EPSS Percentile 69.3%

Details

Status published
Products (3)
bea/weblogic_server 7.0 sp1 (12 CPE variants)
bea/weblogic_server 8.1 sp1 (10 CPE variants)
bea/weblogic_server 9.0 (2 CPE variants)
Published Jan 25, 2006
Tracked Since Feb 18, 2026