CVE-2008-0901

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and Express versions 7.0 through 10.0

Description The issue allows remote attackers to conduct brute force password guessing attacks. This is possible even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

Recommendations For versions 7.0 through 10.0, consider implementing additional security measures to prevent brute force attacks, such as limiting the number of login attempts or temporarily disabling access after a certain number of failed attempts. As a temporary workaround, restrict access to sensitive areas of the server to minimize the risk of exploitation.