Back to search
CVE-2005-4767
Published: Apr 1, 2006
Modified: Sep 16, 2024
PUBLISHED
Description
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
15052
vdb-entry
x_refsource_BID
BEA05-107.00
vendor-advisory
x_refsource_BEA
17138
third-party-advisory
x_refsource_SECUNIA
BEA06-107.01
vendor-advisory
x_refsource_BEA
17168
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now