Loading
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Cite this page
CVE-2008-0901. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2008-0901
Use CWE-200, Bea vendor hub and Weblogic Server product page to widen CVE-2008-0901 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2008-3257, CVE-2008-0897 and CVE-2007-5576 for nearby disclosures in the same product family.