Vulnerability Description
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, do not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BEA | WebLogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/161 (Patch, Vendor Advisory)
- http://dev2dev.bea.com/pub/advisory/178 (Patch, Vendor Advisory)
- http://secunia.com/advisories/17138 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/15052 (Patch)
- http://www.securityfocus.com/bid/17168 (Patch)
FAQ
What is CVE-2005-4767?
CVE-2005-4767 is a vulnerability with a CVSS score of 5.1 (MEDIUM). BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, do not lock out a username after the maximum number of invalid log...
How severe is CVE-2005-4767?
CVE-2005-4767 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4767?
Check the references section above for vendor advisories and patch information. Affected products include: BEA WebLogic Server.