Vulnerability Description
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/229PatchVendor Advisory
- http://osvdb.org/36072
- http://secunia.com/advisories/25284
- http://securitytracker.com/id?1018057
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34291
- http://dev2dev.bea.com/pub/advisory/229PatchVendor Advisory
- http://osvdb.org/36072
- http://secunia.com/advisories/25284
- http://securitytracker.com/id?1018057
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34291
FAQ
What is CVE-2007-2697?
CVE-2007-2697 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attem...
How severe is CVE-2007-2697?
CVE-2007-2697 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2697?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.