mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
239 lines
8.2 KiB
JSON
239 lines
8.2 KiB
JSON
{
|
|
"id": "CVE-2008-0901",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2008-02-22T21:44:00.000",
|
|
"lastModified": "2024-11-21T00:43:11.013",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "BEA WebLogic Server y Express de 7.0 a 10.0 permite a atacantes remotos llevar a cabo ataques para adivinar contrase\u00f1as mediante fuerza bruta, incluso cuando se ha activado el cierre de cuenta, a trav\u00e9s de URLs manipulados que indican si la contrase\u00f1a supuesta es buena o no."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
|
|
"baseScore": 7.1,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-255"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "321BC193-5FBF-4F25-996D-1FE74779F34D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E23EB6FE-EA07-426F-9781-87630BC76FB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea_systems:weblogic_server:10.0_mp1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5D4B4A86-A381-4DB1-AA9D-57DBEC2466CF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://dev2dev.bea.com/pub/advisory/271",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29041",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1019449",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/0612/references",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://dev2dev.bea.com/pub/advisory/271",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29041",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1019449",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/0612/references",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |