CVE-2007-2697
Published 2007-05-16
CVE-2007-2697: The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not…
Priority: P423 · medium · 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 2.22% (80.5th percentile)
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
CVSS provenance
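| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.0 | MEDIUM | — |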
GHSA
GHSA-w6j8-rrq7-6j99: The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7
ghsa_unreviewed · 2022-05-01
CVE-2007-2697 [MEDIUM] GHSA-w6j8-rrq7-6j99: The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7
Red Hat
gdm not built with tcp_wrappers
vendor_redhat · 2007-05-11 · CVSS 6.0
CVE-2009-2697 [MEDIUM] gdm not built with tcp_wrappers
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://dev2dev.bea.com/pub/advisory/229
http://osvdb.org/36072
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34291
Published: 2007-05-16