Vulners
Lucene search
BEA Systems WebLogic Server and Express 7.0 - Null Character Denial of Service
source: https://www.securityfocus.com/bid/4646/info
BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.
BEA WebLogic Express provides a platform for serving dynamic data to web and wireless applications.
It is possible to create a denial of service condition by appending a null character to a request for a MS-DOS device name (such as AUX). Multiple malformed requests will cause the server to hang.
BugTraq ID 3816 "BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability" describes a similar condition, which was fixed in WebLogic Server 6.1 SP2. However, the null character variation of this attack affects systems running WebLogic Server 6.1 SP2.
The server must be restarted to regain normal functionality.
This issue may be exploited with a web browser. For example:
http://target//aux%00Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Apr 2002 00:00Current
7.4High risk
Vulners AI Score7.4