CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.968 High
EPSS Percentile: 99.6%
Added: 04/10/2009
CVE: CVE-2008-5457
BID: 33177
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, specially crafted JSESSIONID parameter to the server.
Apply patch 7825169 as instructed in the Oracle Security Advisory.
<http://www.oracle.com/technology/deploy/security/wls-security/2809.html>
The exploit works against the Oracle WebLogic 10.0 IIS connector on Windows 2000.
Windows 2000