PT-2007-4014 · Bea · Bea Weblogic Server+1

Published

2007-05-16

·

Updated

2017-07-29

·

CVE-2007-2697

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

BEA WebLogic Express and WebLogic Server 7.0 through SP6
BEA WebLogic Express and WebLogic Server 8.1 through SP5
BEA WebLogic Express and WebLogic Server 9.0
BEA WebLogic Express and WebLogic Server 9.1

Description

The issue concerns the embedded LDAP server, which in certain configurations neither limits nor audits failed authentication attempts. A remote attacker can therefore brute-force the administrator password more easily, or flood the server with login attempts and cause a denial of service.

Recommendations

For all affected versions (7.0 through SP6, 8.1 through SP5, 9.0 and 9.1), consider implementing limits on authentication attempts together with auditing of failed attempts to mitigate the risk. As a temporary workaround, consider restricting network access to the embedded LDAP server to minimize the risk of exploitation.
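The two controls the recommendation calls for (an attempt limit and an audit trail for failed authentication) are shown together in the added example below. It is generic illustrative code written for this page, not WebLogic's own lockout mechanism or configuration: the account name, source address, secret and thresholds are constructed sample values, and the credential check is a stand-in callable rather than a real LDAP bind.

```python
"""Failed-authentication limiting and auditing (added illustration, not WebLogic code)."""
import time
from collections import defaultdict, deque


class FailedAuthGuard:
    """Locks an account after max_failures failed binds inside window_seconds,
    refuses further binds for lockout_seconds, and audits every outcome."""

    def __init__(self, max_failures=5, window_seconds=300,
                 lockout_seconds=900, clock=time.time):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.clock = clock                      # injectable for deterministic tests
        self._failures = defaultdict(deque)     # user -> timestamps of recent failures
        self._locked_until = {}                 # user -> epoch seconds lock expires
        self.audit_log = []                     # one record per attempt, success or not

    def _record(self, outcome, user, source, now):
        self.audit_log.append({"ts": now, "outcome": outcome,
                               "user": user, "source": source})

    def is_locked(self, user, now=None):
        now = self.clock() if now is None else now
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            del self._locked_until[user]        # lock expired, clear it
            return False
        return True

    def bind(self, user, source, verify):
        """verify() stands in for the real credential check and is only
        called when the account is not locked, so a locked account rejects
        even a correct password."""
        now = self.clock()
        if self.is_locked(user, now):
            self._record("rejected_locked", user, source, now)
            return "locked"
        if verify():
            self._failures.pop(user, None)      # success resets the failure window
            self._record("success", user, source, now)
            return "success"
        window = self._failures[user]
        window.append(now)
        while window and now - window[0] > self.window_seconds:
            window.popleft()                    # drop failures outside the window
        if len(window) >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            window.clear()
            self._record("locked_out", user, source, now)
            return "locked"
        self._record("failure", user, source, now)
        return "failure"

    def failures_from(self, source):
        """Detection helper: failed attempts attributed to one source address."""
        return sum(1 for e in self.audit_log
                   if e["source"] == source
                   and e["outcome"] in ("failure", "locked_out"))


class FakeClock:
    """Deterministic clock so the walkthrough does not depend on wall time."""

    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_guessing(max_failures=5):
    """Constructed walkthrough: five wrong guesses from one address, then the
    right password while locked, then the right password after the lock expires."""
    clock = FakeClock(1000.0)
    guard = FailedAuthGuard(max_failures=max_failures, window_seconds=60,
                            lockout_seconds=600, clock=clock)
    secret = "correct-horse"                    # constructed sample secret
    source = "203.0.113.10"                     # constructed sample address
    results = []
    for guess in ["a", "b", "c", "d", "e", "correct-horse"]:
        results.append(guard.bind("admin", source, lambda: guess == secret))
        clock.advance(1)
    clock.advance(600)                          # let the lockout expire
    results.append(guard.bind("admin", source, lambda: True))
    return {"results": results, "audit": guard.audit_log,
            "failures_from_source": guard.failures_from(source)}


if __name__ == "__main__":
    for entry in simulate_guessing()["audit"]:
        print(entry)
```

The audit records are what turn a silent brute-force attempt into something a monitoring pipeline can alert on, and counting failures per source address is the simplest detection to build on top of them.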

Fix


Related identifiers

CVE-2007-2697

Affected products

Bea Weblogic Express
Bea Weblogic Server