CVE-2005-4764 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bea	Weblogic Server	6.1

References

http://dev2dev.bea.com/pub/advisory/155PatchVendor Advisory
http://secunia.com/advisories/17138Vendor Advisory
http://www.securityfocus.com/bid/15052Patch
http://dev2dev.bea.com/pub/advisory/155PatchVendor Advisory
http://secunia.com/advisories/17138Vendor Advisory
http://www.securityfocus.com/bid/15052Patch

FAQ

What is CVE-2005-4764?

CVE-2005-4764 is a vulnerability with a CVSS score of 7.8 (HIGH). BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account ...

How severe is CVE-2005-4764?

CVE-2005-4764 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4764?

Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.