CVE-2002-1065 | Vulnerability Database | Aqua Security

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.

Affected Software

Name	Vendor	Start Version	End Version
Jana_web_server	T._hauck	1.0 (including)	1.0 (including)
Jana_web_server	T._hauck	1.45 (including)	1.45 (including)
Jana_web_server	T._hauck	1.46 (including)	1.46 (including)
Jana_web_server	T._hauck	2.0 (including)	2.0 (including)
Jana_web_server	T._hauck	2.0_beta1 (including)	2.0_beta1 (including)
Jana_web_server	T._hauck	2.0_beta2 (including)	2.0_beta2 (including)
Jana_web_server	T._hauck	2.2.1 (including)	2.2.1 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9688.php
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
http://www.iss.net/security_center/static/9688.php

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1065
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html