HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2008-0901

CVSS 7.1v2.0pub. 2008-02-22upd. 2026-04-23

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

CVSS Vector
AV:N/AC:M/Au:N/C:C/I:N/A:N
  • Bea Weblogic Server

    APP
    Bea
    10.07.08.19.09.19.2
  • Bea Systems Weblogic Server

    APP
    Bea Systems
    10.0_mp1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2005-1744CRITICAL9.8ten sam produkt

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0897HIGH7.9ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...

CVE-2007-4617HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold thro...

CVE-2007-4614HIGH7.5ten sam produkt

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...