SAINT Corporation SAINT:4EEE4C6894A360593F8777B9B31373F0
Oct 31, 2008 - 12:00 a.m.

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

2008-10-31 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.97 High
Percentile: 99.7%

Added: 10/31/2008
CVE: CVE-2008-4008
BID: 31683
OSVDB: 49283

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted Transfer-Encoding header in an HTTP request.

Resolution

Install the latest WebLogic Server plug-in referenced in the Oracle Security Advisory.

References

<https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html>

Limitations

Exploit works on the WebLogic Server Connector for Apache 1.0.1136334.

Platforms

Windows
