SAINT Corporation (SAINT:A49D9212C633FA5C01E8E1F117F214F6)
Oct 31, 2008 - 12:00 a.m.

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

2008-10-31 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.97 High
Percentile: 99.7%

Added: 10/31/2008
CVE: CVE-2008-4008
BID: 31683
OSVDB: 49283

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted Transfer-Encoding header in an HTTP request.

Resolution

Install the latest WebLogic Server plug-in referenced in the Oracle Security Advisory.

References

<https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html>

Limitations

Exploit works on the WebLogic Server Connector for Apache 1.0.1136334.

Platforms

Windows
