CVE-2008-4008

2008-10-1421:11:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-4008

weblogic

apache

bea product suite

vulnerability

buffer overflow

nvd

6.4 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.

CPENameOperatorVersion
oracle:bea_product_suiteoracle bea product suiteeq6.1
oracle:bea_product_suiteoracle bea product suiteeq9.1
oracle:bea_product_suiteoracle bea product suiteeq8.1
oracle:bea_product_suiteoracle bea product suiteeq10.0
oracle:bea_product_suiteoracle bea product suiteeq7.0
oracle:bea_product_suiteoracle bea product suiteeq9.0
oracle:bea_product_suiteoracle bea product suiteeq10.3
oracle:bea_product_suiteoracle bea product suiteeq9.2

CPE	Name	Operator	Version
oracle:bea_product_suite	oracle bea product suite	eq	6.1
oracle:bea_product_suite	oracle bea product suite	eq	9.1
oracle:bea_product_suite	oracle bea product suite	eq	8.1
oracle:bea_product_suite	oracle bea product suite	eq	10.0
oracle:bea_product_suite	oracle bea product suite	eq	7.0
oracle:bea_product_suite	oracle bea product suite	eq	9.0
oracle:bea_product_suite	oracle bea product suite	eq	10.3
oracle:bea_product_suite	oracle bea product suite	eq	9.2