1. CVE-Search
  2. CVE-2007-2697
ID CVE-2007-2697
Summary The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bea BEA07-161.00
osvdb 36072
sectrack 1018057
secunia 25284
vupen ADV-2007-1815
xf weblogic-ldap-brute-force(34291)
Last major update 29-07-2017 - 01:31
Published 16-05-2007 - 01:19
Last modified 29-07-2017 - 01:31
Back to Top