CVE-2007-2697: Weblogic Server vulnerability

4 documents, 4 sources

Severity: 5.1 MEDIUM (NVD)
EPSS: 1.4% (top 19.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 16
Latest update: May 1

Description

The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (1 package)

NVD: bea/weblogic_server, 4 versions (+3)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-w6j8-rrq7-6j99: The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 (2022-05-01)
CVEList: CVE-2007-2697: The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 (2007-05-16)

📋 Vendor Advisories (1)

Red Hat: gdm not built with tcp_wrappers (2007-05-11)