Lucene search
SAINT CorporationSAINT:6763DC454040C45562777CCC7CC949A0HistoryJul 25, 2008 - 12:00 a.m.
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-2500:00:00
SAINT Corporation
www.saintcorporation.com
23
0.946 High
EPSS
Percentile
99.0%
Added: 07/25/2008
CVE: CVE-2008-3257
BID: 30273
OSVDB: 47096
Background
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Problem
A buffer overflow in the Apache Connector for WebLogic Server allows remote attackers to execute arbitrary commands by sending a long, specially crafted POST request.
Resolution
Apply a fix when available.
References
<http://secunia.com/advisories/31146/>
Limitations
Exploit works on WebLogic Server 10.0. On Windows Server 2003, patch KB933729 (rpcrt4.dll version 5.2.3790.4115) must be installed.
Platforms
Windows 2000
Windows Server 2003
Related
packetstorm
packetstorm
Oracle Weblogic Apache Connector POST Request Buffer Overflow
2012-05-18 00:00:00
nessus
nessus
Oracle WebLogic Server mod_wl POST Request Remote Overflow
2008-08-18 00:00:00
prion
prion
Stack overflow
2008-07-22 16:41:00
cve
cve
CVE-2008-3257
2008-07-22 16:41:00
checkpoint_advisories
checkpoint_advisories
attackerkb
attackerkb
Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability
2008-07-22 00:00:00
saint
saint
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
Oracle WebLogic Server Apache Connector POST buffer overflow
2008-07-25 00:00:00
cert
cert
Oracle Weblogic Apache connector vulnerable to buffer overflow
2008-07-29 00:00:00
oracle
oracle
CPUOct2008 Advisory
2008-10-14 00:00:00
CPU Jan 2009
2009-01-13 00:00:00