CVE-2005-4767 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier and 7.0 SP6 and earlier when using username/password authentication does not lock out a username after the maximum number of invalid login attempts which makes it easier for remote attackers to guess the password.

Reference

http://dev2dev.bea.com/pub/advisory/161 http://dev2dev.bea.com/pub/advisory/178 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 http://www.securityfocus.com/bid/17168