Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3731D876ADD116F969B63F8C1F9FB5C0
HistoryJul 25, 2008 - 12:00 a.m.

Oracle WebLogic Server Apache Connector POST buffer overflow

2008-07-2500:00:00
SAINT Corporation
download.saintcorporation.com
28

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.0%

JSON

Added: 07/25/2008
CVE: CVE-2008-3257
BID: 30273
OSVDB: 47096

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a long, specially crafted POST request.

Resolution

Apply a fix when available.

References

<http://secunia.com/advisories/31146/&gt;

Limitations

Exploit works on WebLogic Server 10.0. On Windows Server 2003, patch KB933729 (rpcrt4.dll version 5.2.3790.4115) must be installed.

Platforms

Windows 2000
Windows Server 2003

Related

packetstorm 1
saint 3
prion 1
nessus 1
cve 1
checkpoint_advisories 1
attackerkb 1
cert 1
oracle 2
packetstorm
packetstorm
Oracle Weblogic Apache Connector POST Request Buffer Overflow
2012-05-18 00:00:00
saint
saint
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
prion
prion
Stack overflow
2008-07-22 16:41:00
nessus
nessus
Oracle WebLogic Server mod_wl POST Request Remote Overflow
2008-08-18 00:00:00
cve
cve
CVE-2008-3257
2008-07-22 16:41:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability
2008-08-03 00:00:00
attackerkb
attackerkb
Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability
2008-07-22 00:00:00
cert
cert
Oracle Weblogic Apache connector vulnerable to buffer overflow
2008-07-29 00:00:00
oracle
oracle
CPUOct2008 Advisory
2008-10-14 00:00:00
CPU Jan 2009
2009-01-13 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.0%

JSON
Related for SAINT:3731D876ADD116F969B63F8C1F9FB5C0
packetstorm1saint3prion1nessus1cve1checkpoint_advisories1attackerkb1cert1oracle2