CVE-2005-0432 — Improper Control of Interaction Frequency in Weblogic Server

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedMay 2

Latest updateMay 1

Description

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: dev2dev.bea.com ↗Patch: secunia.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-wrx5-4m94-5mpw: BEA WebLogic Server 7↗2022-05-01

▶

CVEList

CVE-2005-0432: BEA WebLogic Server 7↗2005-02-15

▶