Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3257

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3257
Last Modified 07 Mar 2011 10:10:30
Published 22 Jul 2008 12:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3257

Summary

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Vulnerable Systems

Application

  • Bea Systems Apache Connector In Weblogic Server

  • Bea Systems Weblogic Server 10.0 Mp1

  • Bea Weblogic Server 10.0

  • Bea Weblogic Server 3.1.8

  • Bea Weblogic Server 4.0

  • Bea Weblogic Server 4.0.4

  • Bea Weblogic Server 4.5

  • Bea Weblogic Server 4.5.1

  • Bea Weblogic Server 4.5.2

  • Bea Weblogic Server 5.1

  • Bea Weblogic Server 6.0

  • Bea Weblogic Server 6.1

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 7.0.0.1

  • Bea Weblogic Server 8.1

  • Bea Weblogic Server 9.0

  • Bea Weblogic Server 9.1

  • Bea Weblogic Server 9.2

  • Oracle Weblogic Server 10.3


References

CERT-VN - VU#716387

CONFIRM - https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html

XF - oracle-weblogic-apacheconnector-bo(43885)

VUPEN - ADV-2008-2145

SECTRACK - 1020520

BID - 30273

CONFIRM - http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html

MILW0RM - 6089

VIM - 20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC

SECUNIA - 31146

CONFIRM - http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html


Last Updated: 27 May 2016 10:48:08