Vulnerability Details : CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
Exploit prediction scoring system (EPSS) score for CVE-2005-0432
Probability of exploitation activity in the next 30 days: 0.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-0432
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-0432
-
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp
Patch;Vendor Advisory
Products affected by CVE-2005-0432
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*