BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
AV:N/AC:M/Au:N/C:C/I:N/A:NBea Weblogic Server
APPBea10.07.08.19.09.19.2Bea Systems Weblogic Server
APPBea Systems10.0_mp1
Related vulnerabilities
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application...
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold thro...
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...