Lucene search
SAINT CorporationSAINT:0D89E3AE4BEF2E65EAAD814D13A33ACFHistoryApr 10, 2009 - 12:00 a.m.
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
2009-04-1000:00:00
SAINT Corporation
www.saintcorporation.com
45
EPSS
0.968
Percentile
99.7%
Added: 04/10/2009
CVE: CVE-2008-5457
BID: 33177
Background
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Problem
A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, specially crafted JSESSIONID parameter to the server.
Resolution
Apply patch 7825169 as instructed in the Oracle Security Advisory.
References
<http://www.oracle.com/technology/deploy/security/wls-security/2809.html>
Limitations
Exploit works on Oracle WebLogic 10.0 IIS connector on Windows 2000.
Platforms
Windows 2000
Related
nessus
nessus
Oracle WebLogic Server Plug-in Remote Overflow (1166189)
2009-01-15 00:00:00
cve
cve
CVE-2008-5457
2009-01-14 02:30:00
zdt
zdt
Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit
2009-04-01 00:00:00
packetstorm
packetstorm
Oracle WebLogic IIS Connector Overflow
2009-04-01 00:00:00
BEA Weblogic JSESSIONID Cookie Value Overflow
2009-11-26 00:00:00
exploitpack
exploitpack
Oracle WebLogic IIS connector JSESSIONID - Remote Overflow
2009-04-01 00:00:00
prion
prion
Design/Logic Flaw
2009-01-14 02:30:00
metasploit
metasploit
BEA WebLogic JSESSIONID Cookie Value Overflow
2009-03-27 19:03:39
exploitdb
exploitdb
BEA WebLogic - JSESSIONID Cookie Value Overflow (Metasploit)
2010-07-03 00:00:00
Oracle WebLogic IIS connector JSESSIONID - Remote Overflow
2009-04-01 00:00:00
saint
saint
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
2009-04-10 00:00:00
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
2009-04-10 00:00:00
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
2009-04-10 00:00:00
cvelist
cvelist
CVE-2008-5457
2009-01-14 02:00:00
nvd
nvd
CVE-2008-5457
2009-01-14 02:30:00
seebug
seebug
Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit
2009-04-02 00:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
Oracle applications multiple security vulnerabilities
2009-12-15 00:00:00
oracle
oracle
CPU Jan 2009
2009-01-13 00:00:00