Added: 04/10/2009
CVE: CVE-2008-5457
BID: 33177
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, specially crafted JSESSIONID parameter to the server.
Apply patch 7825169 as instructed in the Oracle Security Advisory.
<http://www.oracle.com/technology/deploy/security/wls-security/2809.html>
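To check IIS logs for the oversized JSESSIONID values described above, the following added example (not part of the advisory or of any Oracle tooling) scans W3C extended log lines for session IDs that are unusually long or contain non-printable bytes. The length threshold, the logged field set, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: set this above the longest session ID your deployment legitimately issues.
MAX_SESSION_ID_LEN = 256

# JSESSIONID as a cookie, a query parameter, or a ;jsessionid= path parameter.
SESSION_RE = re.compile(r"(?i)jsessionid=([^;&\s]*)")

def scan_iis_log(lines, max_len=MAX_SESSION_ID_LEN):
    """Return (line_no, client_ip, field, length) for each suspicious JSESSIONID."""
    fields, findings = [], []
    for line_no, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header names the columns that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        for name in ("cs-uri-stem", "cs-uri-query", "cs(Cookie)"):
            for match in SESSION_RE.finditer(row.get(name, "-")):
                value = unquote_to_bytes(match.group(1))  # undo %XX escapes
                non_printable = any(b < 0x20 or b > 0x7E for b in value)
                if len(value) > max_len or non_printable:
                    findings.append((line_no, row.get("c-ip", "?"), name, len(value)))
    return findings

# Constructed sample log (documentation IP range, not real traffic).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)",
    "2009-01-20 10:00:01 192.0.2.10 GET /app/index.jsp - 200 JSESSIONID="
    + "A1b2" * 13 + "!1234567890",
    "2009-01-20 10:00:07 192.0.2.66 GET /app/index.jsp - 500 JSESSIONID=" + "A" * 900,
    "2009-01-20 10:00:09 192.0.2.66 GET /app/index.jsp;jsessionid=%90%90%90%90 - 500 -",
]

if __name__ == "__main__":
    for line_no, ip, field, length in scan_iis_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent a {length}-byte JSESSIONID in {field}")
```

The cs(Cookie) field is only present when cookie logging is enabled in the IIS extended logging properties, so a log without it covers URL-borne session IDs only.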
The exploit works against the Oracle WebLogic 10.0 IIS connector on Windows 2000.
Platform: Windows 2000